DDCjILEjCOPY  ad  A  o  7  8  4  1  4 


This  report  was  prepared  with  the  support  of  the  National 
Science  Foundation  Grant  No.  MCS- 7 7- 01 1 9 3  and  No.  MCS- 77-0531 4 . 
It  will  appear  in  the  Journal  of  the  ACM.  A  preliminary  version 
of  Sections  2  and  3  was  presented  at  the  Conference  for  Theoret¬ 
ical  Computer  Science  at  Waterloo,  July  1977,  in  a  joint  paper 
with  P .  A .  Bernstein  and  J.  B.  Rothme. 


MASSACHUSETTS  INSTITUTE  OF  TECHNOLOGY 


LABORATORY  FOR  COMPUTER  SCL&liCE 


VfJSF-  MCS77-jgfll?3 


CAMBRIDGE 


The  Serial  inability  of  Concurrent  Database  Updates* 


Christos  H.  Papadimitr lou 
Massachusetts  Institute  of  Technology 


Abstract 


A  sequence  of  interleaved  user  transactions  in  a  database  syitem  may  not 
be  serializable  ,  i.e.,  equivalent  to  some  sequential  execution  of  the 
individual  transactions .  Using  a  simple  transaction  model  w.-  show  that 
recognizing  the  transaction  histories  which  are  serializable  is  an  NP- 
complote  problem.  We  therefore  introduce  several  efficiently  recognizable 
subclasses  of  the  class  of  serializable  histories;  most  of  these  sub¬ 
classes  correspond  to  ser ial izabi 1 ity  principles  existing  in  the 
literature  and  used  in  practice.  We  also  propose  ti#D  new  principles 
which  subsume  all  previously  Known  ones.  Wo  qive  necessary  and  sufficient 
conditions  for  a  class  of  histories  to  be  the  output  of  an  efficient 
history  scheduler;  these  conditions  imply  that  there  can  be  no  efficient 
scheduler  that  outputs  all  of  serializable  histories,  and  also  that  all 
subclasses  of  serializable  histories  studied  above  have  an  efficient 
scheduler.  Finally,  we  show  how  our  results  can  be  extended  to  far  more 
general  transaction  models,  to  transactions  with  partly  interpreted 
functions,  and  to  distributed  database  systems. 


Research  supported  by  NSF  Grants  MCS-77-01193  and  MCS-77-05314 . 


I 

1.  INTRODUCTION 

In  many  situations  many  users  may  consult  and  update  a  common  data¬ 
base.  We  can  think  of  such  independent  user  transactions  as  sequences  of 
atomic  database  operations,  interleaved  with  computations  that  are  local 
to  the  user,  that  is,  they  do  not  affect  or  depend  on  the  current  state 
of  the  database.  It  ir.  a  function  of  database  management  to  handle  the 
update  and  retrieval  requests  made  by  the  users  in  such  a  way  so  that  the 
resulting  overall  process  is  in  some  appropriate  sense  correct.  It  is 
generally  accepted --see,  for  example,  [SLR )  ,  [SKJ,  [EGLT] ,  [BPR]""that 
the  right  notion  of  correctness  in  this  context  is  that  of  aerializ-ii  ility . 
A  sequence  of  atomic  user  up'datos/retr ievals  is  called  serializable 
essentially  if  its  overall  effect  is  as  though  the  users  took  turns,  in 
some  order,  executing  each  their  entire  transaction  indivisibly.  The 
simplest  exampde  of  a  non-ser ial izable  sequence  is  a  primitive  form  of  a 
“race”.  Imagine  two  users  that  increment  a  counter  by  first  sensing  its 
value,  and  later  registering  an  increased  one.  If  both  users  retrieve 
the  value  of  the  counter  before  either  of  them  has  updated  it,  the 
resulting  execution  sequenco--or  hietory--ia  not  serializable.  This  is 
because  both  possible  serial  executions  of  these  transactions  would  have 
resulted  in  a  larger  total  increment.  Naturally,  much  subtler  examples 
exist . 

The  appeal  of  serializability  as  a  correctness  criterion  is  quite 
easy  to  justify.  Databases  are  supposed  to  be  faithful  models  of  parts 
of  the  world,  and  user  transactions  represent  instantaneous  changes  in 
the  world.  Since  such  changes  are  totally  ordered  by  temporal  priority. 


the  only  acceptable  interleavings  of  atomic  steps  of  different  trans¬ 
actions  are  those  that  are  equivalent  to  some  sequential  execution  of 
these  transactions.  Another  way  of  viewing  serializability  is  as  a  tool 
for  ensuring  system  correctness.  If  each  user  transaction  is  correct — i.e., 
when  run  by  itself,  it  is  guaranteed  to  :nap  consistent  states  of  the  data¬ 
base  to  consistent  states— and  transactions  are  guaranteed  to  be  inter¬ 
mingled  in  a  serializable  way,  then  the  overall  system  is  also  correct. 

In  this  (»aper  wo  consider  transactions  that  consist  of  two  atomic 
actions:  a  retrieval  of  the  values  of  a  set  of  database  entit ies--cal led 

the  read-oet  of  the  transaction-followed  by  an  update  of  the  values  of 
another  set  of  entities--the  uri te-oat .  This  is  exactly  the  kind  of 
transactions  handled  by  the  system  SDD-1  [BGRP),  [RG].  However,  the 
main  reason  for  considering  this  model  here  is  that  it  provides  a  nice 
framework  for  understanding  and  comparing  very  different  philosophies  of 
serializability  that  already  exist  in  the  literature— e.g. ,  IBS),  (SLR), 
IEGLT)  ,  [ BGRP )  .  Despite  it  v  ap>parent  simplicity,  it  yields  a  theory  of 

serializability  that  is  rich  in  combinatorial  intricacies,  and  raises 
interesting  complexity  questions.  Since  our  model  is  the  most  general 
connon  restriction  of  the  models  in  the  various  references  cited  above, 
our  negative  results  apply  verbatim  to  those  models.  Furthermore,  most 
of  our  positive  results  and  characterizations  are  also  easily  general izable 
to  more  general  situations,  although  their  proofs— in  many  cases  their 
very  statements-would  be  extremely  cumbersome.  Hence,  wc  view  our  model 
as  a  convenient  language,  of  the  riqht  degree  of  conceptual  complexity, 
for  developing  and  communicating  our  ideas  about  serializability,  rather 
than  a  set  of  restrictions  that  enable  the  proofs  of  certain  theorems. 


-3- 


We  formalize  our  model  of  transactions  in  Section  2,  where  some  pre¬ 
liminary  results  are  also  proved. 

In  Section  3  we  prove  that  the  question  of  whether  a  given  sequence 
of  read  and  write  operations  corresponding  to  several  transactions  (called 
a  history)  is  serializable  is  NP-complete  (AHU),  [Ka].  This  suggests 
that,  most  probably,  there  is  no  efficient  algorithm  that  distinguishes 
between  serializable  and  non-ser ializable  histories. 

In  Section  4,  we  study  some  efficiently  recognizable  subsets  of  the 
set  of  serializable  histories.  In  other  words,  we  present  polynomial -time 
"heuristics"  that  approximate  the  NP-completc  predicate  of  senalizability- 
m  a  manner  quite  reminiscent  of  efficient  approximations  of  NP-completo 
optimization  problems  [GJ],  [PS] .  We  show  that  the  t**)-phase  locking 
strategy  [EGLT]  and  the  protocol  P3  of  [BGRP]  are  incommensurate  special 
cases  of  t%*>  more  general  classes  called  Q  and  DSR--the  latter  is 
related  with  the  model  of  [S!,K]  .  These  two  serializability  principles 
are  therefore  very  general  (and  applicable)  new  serialization  methods.  We 
also  introduce  the  class  SSR  of  histories  that  can  be  serialized  without 
reversing  the  order  of  temporally  non-overlapping  transactions ;  it  is  not 
known  whether  this  class  vs  efficiently  recognizable.  In  Section  5,  we 
observe  that  the  quite  intricate  interrelations  among  these  interesting 
classes  are  simplified  considerably  if  some  "static"  restrictions  art- 
imposed  on  the  read-  and  write-sets.  We  point  out  there  that  the  simple 
serializability  theory  of  [SI.R]  is  due  to  such  a  restriction  of  their  model 

For  all  efficiently  recognizable  classes  of  histories  studied  in 
Sections  4  and  5  there  is  also  an  efficient  eoheduler;  an  algorithm,  that 
is,  which  takes  any  history  ind  transforms  it  to  its  closest  (according 


-4- 


to  some  appropriate  metric)  history  within  the  class  considered.  In 
Section  6  we  show  that  this  is  no  accident:  a  class  of  histories  has 
an  efficient  scheduler  if  and  only  if  it  is  efficiently  recognizable, 
plus  a  regularity  condition,  namely  that  its  set  of  prefixes  is  also 
efficiently  recognizable.  Bv  this  result,  the  complexity  theory  developed 
in  Sections  3  through  5  is  practically  relevant,  because  the  practical 
question  of  the  existence  of  an  efficient  scheduler  for  a  given  class 
of  histories  is  explicitly  linked  to  the  complexity  properties  of  the 
class.  Another  Implication  is  the  negative  result  that,  unless  P  “  NP , 
there  is  no  efficient  "serializer”  of  histories,  and  hence  considering 
efficient  but  more  estrictive  schedulers — such  as  the  ones  discussed 
.ibove--is  a  re.isonat.te  alternative.  Finally,  Section  7  concludes  our 
treatment  of  the  subject.  We  discuss  there  a  number  of  possible  exten¬ 
sions  of  our  results  such  as  to  general  (multi-step)  transactions  and 
distributed  databases. 


2. 


DEFINITIONS -NOTATION 


A  history  is  a  quadruple  h  -  (n,ir,V,S),  where  n  is  a  positive 

integer;  tt  is  a  permutation  of  the  set  E  ■  ^  R,  ,  W,  ,  R_ ,  W  . .  . .  ,R  ,W 

n  112  2  n  n 

that  is,  a  one-to-one  function  tj.-E  ♦  {l  ,2 , . . . , 2n) — such  that 

n 

Tt(fO  <  tt (w  )  for  i*l,2,...,n  (a  permutation  tt  is  represented  by 

<tt  ^(D.tt  1(2),...,it  1(2n)>);  finally,  S  is  a  function  mapping  E  to 

n 

V 

2  ,  where  V  is  a  finite  set  of  variables.  Each  pair  (R. ,W  )  will  be 

li 

called  a  transaction  T. .  S(R  )  will  be  called  the  read  set  of  T  ,  and 

l  i  i 

S(VO  its  urite  set.  We  shall  represent  histories  in  a  compact  way  by 
exhibiting  it,  with  the  sets  S ( * )  given  in  brackets  following  each 
element  of  E  .  For  example,  the  history  h  *  ( 3, <R, , R_ , W  , R  , W  ,K  > , 
{x,y),S)  where  S  (R  ^ )  •  S(R^)  »  {x),  S(f<2)  “  V,  s<wj)  *  (y  ) ,  and 
S(w^)  ■  s (W  , )  »  (x,y}  is  represented  as 

h  -  R  [xJR2Wj  [x,y)R3[xlW  Jx,y)W3(y] . 


The  set  of  all  histories  is  denoted  by  H. 

We  can  think  of  each  transaction  T.  as  starting  with  an  instantaneous 

i 

reading  of  the  values  in  tlx'  variables  in  SiR^),  j>erforming  a  possibly 
lengthy  local  computation  and  then  instantaneously  recording  the  results 


in  a  different  set  S(W^)  of  variables.  We  do  not  look  into  the  details 
of  the  exact  nature  of  the  local  computation.  In  fact,  we  view  each 


transaction 

symbols  (f,.!j 
ij 


as  a  set  of  (s(W.)|  uninterpreted  IsiR^ll-ary  function 
1 , . .  .  4S  (W^  )\) .  tt  is  the  sequence  in  which  these  atomic 


read  and  write  operations  take  place.  Thus,  a  history  can  be  viewed  as  a 
special  case  of  a  fork-join  parallel  program  schema,  in  which  the  local 


-7- 


computations  involve  a  number  of  local  temporary  variables  and  are 

executed  in  parallel  with  other  read-write  operations  (see  Figure  1) . 

The  ooneatenatuyn  of  two  histories  h^  *  (n,*,V,S),  h.,  ■  (m,P,v,T) 

is  a  history  h  «  h  -  (n+m,T,V,P)  ,  where  P(W  )*S(W  )  if  i<n,  and 

12  li- 

P(W,)»T(W.  )  for  i>n.  Similarly,  P(R.)«S(R.)  if  i  <  n,  and 

l  i-n  1  l  i  - 

P  ( R ,  )  *  T  (R .  )  for  i>n.  Also  T  (W .  )  -  ti  (W .  )  if  i  <  n,  and 

l  i-n  i  l 

T(W, )  -  p(Win)+2n  for  i  >  n,  M»i)  "(Rj)  for  i  s  n,  t  (Rf)  -  p  (R1_n)+2n  for 
i>n.  In  other  words  h»h^  is  a  juxtaposition  of  the  two  histories,  only 
with  the  transactions  of  h,  renamed.  Thus,  if 

hL  -  Rx (x)R2(y]W  (ylR?W1 |z]W}Iy] 


h_,  -  Rj  |x,y]R,  [xlWj  [y]W  Jz] 


hr  .  h,  -  R1(xjR1fyM«r,(yjR,W1(z)W<(ylR4(x,y}Rsfx;w  fyJW,  fz) 


We  say  that  two  histories  h^  ■  (n,n,V,S)  and  h,»  (n,H',V,S)  are 
equivalent  (written  h^  -h^)  if  and  only  if  the  corresponding  schemata  are 
(strongly)  equivalent.  In  other  words,  given  any  set  of  |vl  domains  for 
the  variables,  any  set  of  initial  values  for  the  variables  from  the 
corresponding  domains,  and,  fuithermore,  any  interpretation  of  the  functions 


the  values  of  the  variables  are  identical  after  the  execution  of  both 


histories.  Notice  that  our  definition  of  equivalence  requires  that  the  two 


histories  involve  the  same  set  of  transactions.  Thus  h^  “  R^ [ylR^W^ (x]W^ [x] 
is  not  equivalent  to  h.,  •  R^ lylw,  (x) ,  despite  the  fact  that  their  corresponding 
schemata  are  equivalent  (  ssentially  because  T^  is  "dead"  in  h^).  This  is 
a  matter  of  convenience,  and  little  change  to  our  derivations  would  be 


necessary  in  order  to  broaden  equivalence  in  this  sense. 


To  give  a  syntactic  characterization  of  equivalence,  it  is  necessary 

to  first  introduce  some  terminology.  Let  h*  (n,tr,v,S)  be  a  history. 

The  augmented,  version  of  h  is  the  history  h  -  (n+2,t*,V,S)  ,  where 

i-<R  ,,W  ,  ,n,R  W  >  and  S(R)«S(R),  S(W.)-S(W.)  for  i  <  n, 

n+1  n+1  —  n+2  n+2  1  l  i  x 

and  also  S(R  , )  ■  S(W  .)  »  0,  S(W  )  ■  S(R  -  V.  In  other  words,  h 

n*l  n+2  n+1  n+2 

is  h  preceded  by  a  transaction  that  initializes  all  variables  without 

sensing  any,  and  followed  by  a  transaction  that  reads  the  final  values  of 

all  the  variables,  without  chanqing  them.  Suppose  that  x€s(R  ).  We 

say  that  R,  ’vade  x  ‘Yam  w,  in  h  if  w  is  the  latest  occurrence 

of  a  write  symbol  before  R  in  £  such  that  x£s(W  ).  Notice  that 

since  h  contains  W  ,  with  S (W  ,)  -V,  such  a  write  symbol  always 

n+1  n+1 

exists.  The  definition  of  a  live  transaction  in  h  is  as  follows: 

a.  T  _  is  live  in  h. 

n+2 

b.  If  for  some  live  transaction  T  ,  R ^  reads  a  variable  f rom  W 
in  h,  then  T^  is  also  live  in  h. 

c.  The  only  Kinds  of  live  transactions  in  h  are  defined  by  (a) 
and  (b)  above. 

The  following  is  now  a  simple  syntact ic  characterization  of  history 
equivalence,  essentially  a  restatement  of  the  characterization  of  schema 
equivalence  in  terms  of  Horbr&nd  interpretations,  [LFP] : 


PROPOSITION  1.  Two  histories  «  (n  ,*,V,S)  and  h2  -  (n  ,ir  •  ,v,S) 
are  equivalent  if  and  only  if  they  have  the  same  sets  of  live  transactions. 


and  a  live  R,  reads  x  from  W  in  h,  if  and  only  if  R  reads  x 
i  j  1  i 


from  W  in  h,. 


One  of  the  implications  of  Proposition  1  is  that  equivalence  of 


histories  can  be  decided  efficiently.  The  sets  of  live  transactions  can 
be  found  in  0(n-|v|)  time  by  applying  the  recursive  definition  given 
above,  and  so  can  the  reads  from  relation  for  transactions.  Hence  we  have: 

COROLLARY.  Equivalent  of  histories  can  be  decided  in  0 { n * ! V | ) 

time.  o 

The  main  theme  of  this  paper  is  the  notion  of  seri alizability .  A 
history  h  «  (n ,  tt,V,  S)  is  aerial  if  w(W)“ff(R^)  +  l  for  all  i  »  1 , 2, . . .  ,n  j 
in  other  words,  a  history  ir  serial  if  R  immediately  prececds  in  it 

for  i»l,...,n.  A  history  h  is  serializable  (notation:  h €  SR)  if  and 
only  if  there  ir.  a  serial  history  hg  such  that  h  hg.  In  the  next 
section  we  shall  present  a  syntactic  characterization  of  serializable 
histories  analogous  to  (and  based  on)  Projosition  I. 


t 


3. 


THE  COMPLEXITY  OF  SERIALI2ABILITY 


In  order  to  examine  the  complexity  of  the  serial izabi lity  problem, 
we  need  first  to  introduce  some  graph-theoret ic  terminology. 

DEFINITION  1.  A  polygraph*  P-  (N,A,B)  is  a  digraph  (N,A)  to¬ 
gether  with  a  set  B  of  b  i:\ithat  that  is,  pairs  of  arcs--not  necessarily 
in  A- -of  the  form  ( (v,u) 4u,w) )  such  that  (w,v)£A.  a 

Alternatively,  a  polygraph  (N , A , B )  cat  be  viewed  is  a  family  P(N,A,B) 
of  digraphs.  A  digraph  (N,A‘)  :s  in  P(N,A,B)  if  and  only  if  A  c  A', 
and  for  each  bipath  (a^.a^)  €  B,  A'  contains  at  least  one  of  a  ,  a^. 
Polygraphs  will  bo  represented  ::  -hem.it  mil  ly  as  in  Figure  2a.  Arcs  in  A 
will  Ivo  drawn  as  cirdinary  arrows,  and  pairs  of  arcs  in  B  will  be  marked 
by  a  circular  arc  .entered  on  their  common  node. 

DEFINITION  2.  A  polygraph  (N , A , B)  is  acyclic  if  there  is  an 
acyclic  digraph  in  t/(N,A,B).  o 

For  example,  the  digraph  of  Figure  2b  is  both  in  P(N,A,B)  and 
acyclic;  it  follows  that  N,A,B)  of  Figure  2a  1>  acyclic.  Notice  that 

for  a  polygraph  (N , A , B)  to  be  acyclic,  the  digraph  (N.A)  must 
definitely  be  acyclic. 

Given  any  history  h-  (n,tt,v,S)  we  are  goinq  to  define  a  polygraph 

P(h)  ■  (N , A , B) .  N  is  the  set  of  live  transactions  of  h,  the  augmented  version 

of  h.  First,  A  contains  the  arcs  ( (T  , ,v) :v £ N-{T  ,)).  and  also  the 

n+1  n+1 

We  insist  on  this  terminology  only  because  it  has  already  become 
notorious  for  its  impropriety . 


m 


-11- 

arc*  {  (v,T  ,):v€N-{t  _)}.  Secondly,  whenever  transaction  u  reads 

n-t.  n+2 

some  variable  x  from  v  m  h,  we  add  the  arc  (v,u)  in  A.  Further¬ 
more,  if  for  a  third  transaction  w,  x  is  in  the  write-set  of  w,  then 
we  add  the  hi^ath  ( (u,w) , (w,v) )  in  B .  This  concludes  the  construction 
of  P(h) . 

Intuitively,  P(h)  captures  a  ;>art  ial  order  that  can  be  interpreted 
as  “happened  before",  and  with  which  any  history  that  is  equivalent  to  h 
roust  be  consistent.  Each  arc  (v,u)  means  that  u  read  some  variable 
from  v  and  hence  must  follow  it.  Also,  a  bipath  ( (u,w) , (w, v) )  means  that 
w  write-,  on  the  same  variable,  and  hence  < annot  be  in  between  v  and  uj 
it  must  either  precede  v  or  follow  u.  This  is  stated  as  a  leimna: 

LEMMA  1.  Two  histories  h  ■  (n,~,V,h)  and  h,*  (n.it'.V.S)  are 
e  iuivalent  if  ind  only  if  P(h^'  and  P  0  •. , )  arc  identical. 

Pri>>£.  B"th  directions  follow  from  Proposition  1  and  the  definition 
of  P (h) .  a 

LEMMA  2.  A  history  h  *■  (n,-,V,S)  without  dead  transactions  is  seriali¬ 
zable  if  and  only  If  P(h)  is  acvclic. 

Proof.  If  h  is  serializable,  there  existB  a  serial  history  h 
■—  s 

such  that  h  h  or,  by  Lemnvi  1,  P(h)  ’Plh  ).  However  P(h  )  ■  (N,A,B) 

s  s  s 

is  acyclic.  To  see  this,  let  (T . ,T  )  be  ordered  according  to  their 

In 

occurrence  in  h#.  We  construct  a  digraph  <N,A')  €P(P(h^))  as  follows: 

A'  contains  the  arcs  in  A,  and  for  each  bip>ath  ( (T  ,T  )  ,  (T  ,T  ))  in 

1  J  J  K 

B  we  add  to  A  the  arc  (T,T)  if  i  <  J ,  or  (T  ,T  )  if  }<k.  To 

11  1  A 


-12- 


show  that  exactly  one  of  tliese  must  occur,  recall  that  in  h  T,  reads 

s  1 

a  variable  x  €  S(W  )  from  T^,  and  hence  It  <  i  ,  and  not  k  <  j  <  i  . 

Consequently  the  above  construction  yields  a  digraph  (N, A ' )  in 

P(P,A,B).  Next,  notice  that  (N,A')  is  acyclic  since  it  is  a  subgraph 

of  the  total  order  (T  , ,T  ,...,T  ,T  ) .  So,  P(h)  is  also  acyclic. 

n+1  1  n  n*2 

Now,  let  (N, A 1 )  be  an  acycl ic  digraph  in  P(P(h)).  The  serial 

history  hg  resulting  from  tojxslogically  sorting  (N,A‘)  is  then  equi- 

valent  to  h.  This  follows  from  Proposition  1  and  from  the  fact  that 

since  one  of  the  two  arcs  of  each  bipath  in  B  is  in  A',  all  transactions 

in  h^  read  all  variables  from  the  same  transaction  in  h  as  they  do  in 

h  .  □ 

s 

Unfortunately,  the  combmator lal  characterization  of  serial  repro¬ 
ducibility  shown  in  henna  2  does  not  directly  suggest  an  efficient  test. 

In  fact,  the  theorem  below  i  ;  strong  evidence  that  no  such  test  exists. 

THEOREM  1.  Testing  whether  a  history  h  is  serializable  is  NP- 
complete  ,  even  if  h  has  no  dead  transactions. 

In  order  to  proceed  with  the  proof  of  Theorem  1  we  first  need  another 
lenrva.  It  is  well  Known  (see  (AHUl,(tCaJ)  that  the  satis f iabi  1  ity  problem 
of  Boolean  formulas  in  conjunctive  normal  form  with  two  or  three  literals 
in  each  clause  (abbreviated  SAT)  is  NP-complete.  We  can  show  that  a  more 
restricted  version  of  this  problem  is  still  NP-complete .  Call  a  clause 
"nxej  if  it  contains  both  variables  and  negations  of  variables,  and  call  a 
formula  noncir'ulay  if  at  most  one  of  the  occurrences  of  each  variable  is 


in  a  mixed  clause. 


-13- 


LEMMA  3.  SAT  is  NP -complete  even  if  the  formulae  are  restricted 
to  be  noncircular. 

Proof.  Consider  any  instance  F  of  SAT  and  a  variable  x  in  it.* 

Let  m  be  the  number  of  occurrences  of  x  in  the  formula  F ,  and  let 

x.,x„,...,x  be  new  variables.  We  replace  x  in  its  first  occurrence 
12  m 

by  x,,  in  its  second  by  x. ,  in  its  third  by  x.,  etc.  Finally,  we  add 

1  a-  i 

t  ..e  clauses  (x^  Vx,)a  (x^  v  x ,)  a  (x.vx^)a  (x,vx^1a  ...,  which  is  the 
conjunctive  n»>mal  form  of  x,  x;  x,  •••.  Repeating  this  for  all 

variables,  wv-  observe  that  the  resultmq  formula  is  trivially  noncircular, 
and  the  construction  requires  only  a  polynomial  amount  of  time.  o 

Proof  of  Theorem  1 .  The  set  of  SR  histories  is  definitely  in  WP, 
since  to  show  that  h  :s  SI,  one  only  needs  to  construct  a  serial  history 
h^  (of  lonqth  not  greater  than  that  of  h) ,  and  chock  by  Proposition  1  that 
h  and  h  ate  equivalent. 

We  will  next  show  that  >  known  NP-complete  problem,  the  noncircular 
AT  problem  of  Lemma  3  above,  reduces  to  SR-testing  in  polynomial  time. 

Given  any  such  formula  F,  we  are  going  to  construct  a  polygraph 
Pf.  ■  (N ,  A ,  B )  such  that  Pf.  is  acyclic  if  and  only  if  F  is  satisfiablc. 

We  will  then  show  that  F^.  can  be  considered  as  P(h)  for  a  suitable 
history  h,  without  dead  transactions.  In  view  of  Lemma  2,  this  will 
conclude  the  proof. 

We  start  from  the  construction  of  P}. -(N.A.B).  F  has  m  clauses 

and  involves  n  Boolean  variables  x,,...,x  .  Each  clause  C, 

in  1 

consists  of  three  literals  X  n  V  1 J ,  y 1 f y  where  X  is  either  a  variable 
or  a  negation  of  one.  N  contains  the  nodes  a,  ,  b^,  c^  for  each  variable 


14- 


x^,  and  ylk,  k"  for  each  clause  with  literals.  For 

each  variable  we  add  the  arc  (a^.b^)  to  A,  and  the  bipath  ((b^.c  ), 
(c^.a^))  to  B.  For  each  clause  ,  we  add  the  arcs  (y^.z^  k+j) 

(addition  mod  m^)  to  A.  Finally,  If  A^k  *  x  ^  ,  we  add  the  arcs  (c^.y^) 
and  (bj.zlk>  to  A,  and  the  bipath  ( (z  u ,  y  lfc) ,  (y  Jk ,  b  f ) )  to  B  .  If  A^-  x)t 
then  we  add  the  arcs  (z^.Cj)  and  (y^.a^)  to  A  ,  and  the  bipath  ((a^,*^), 

(z  ,y  ))  to  B.  For  exam;  le,  if  the  lireral  A  is  x  ,  the  sub|*oly- 

IK  1 K  1  K 

graph  of  Figure  1  will  appeal  in  P^,. 

Finally,  we  add  to  N  the  nodes  n_,n  and  n,  ,  together  with  the 

(.)  c  t 

arcs  (n_,n),(n,n  )  and  (n,n.)  for  all  n€N-{n_,n  ,n.),  and  also  the  arc 
U  c  t  U  c  t 

(n  ,nr),  Tills  concludes  the  construction  of  P„.  In  Figure  4a  we  illustrate 
c  f  r 

the  construction  for  the  B<  llean  formula 


F  •  (XjVXjlA  (XjVX^XjlA  (x^Xj) 


For  simplicity,  in  Figure  -3  v>*  have  omitted  the  nodes  n(1  and  n^.. 

We  will  now  argue  that  P  is  acyclic  if  and  only  if  F  is  satis- 
fiable.  Suppose  that  P^  is  acyclic.  This  means  that  there  is  an  acyclic 
digraph  (N,A')  €  P(P  ) .  Obviously,  for  each  j,  exactly  one  of  the  edges 
(b  ,c  )  and  (c ,,a.)  is  in  A'.  Think  the  fact  that  (c,,a.)  £  A' 

J  J  j  j  j  j 

means  that  x  ^  is  assigned  the  value  true.  We  may  lrmediately  note  that 

if  a  literal  A^^  is  given  the  value  falcu  by  this  assignment,  the 

corresponding  arc  (z^jy^)  is  also  in  A',  since  otherwise,  a  cycle  of 

the  form  (c  .  ,y , .  ,b  , ) --or  (z  .  ,c.,a  )  if  A..  »x. — would  exist  in  (N,A')> 
j  'lk  j  lk  j  j  ik  j 

Hence,  the  only  way  for  (N,A*)  not  to  have  a  cycle  of  the  form 


(a  ^ ,yi 1 ' Zi2' ' * ‘ ' y i *8  tbat  at  lea9t  one  literal  in  each  clause  is 


assigned  the  value  tru^,  which  moans  that  F  is  satisfiable. 


-15- 


Conversely,  suppose  tli.it  F  is  satisfied  by  some  truth  assignment 

T.  We  will  construct  an  acyclic  digraph  (N,A')CP(P  ).  A'  contains 

all  of  A  and  the  arcs  (c^a.)  if  T(x  )  »  time,  (b.,c^)  if 

T (x , )  “  false ,  and  the  arcs  (z,,  ,y  .  )  if  T(X  )  -  false ,  (y.,  ,b  )  if 

j  ik  ik  ik  w  lk  j 

X  »x  and  Tlx  )m  true,  and  (&  ,z  )  if  X »x  and  T(x  )« false. 
ik  3  3  3  ik  3k  3  3 

Obviously,  (N,A')  is  in  P(P  );  the  claim  is  that  it  is  acyclic.  We 
first  note  that  since  F  is  by  hypothesis  noncircular,  (N,A)  is  acyclic. 
This  is  because  by  the  construction  of  A,  the  clauses  containing 
variables  only  or  negations  only  correspond  to  node  sets  with  only  in¬ 
coming  or,  resj>ect ively ,  only  outgoing  arcs;  node  sots  corresponding  to 
mixed  clauses  have  both  incoming  and  outgoing  arcs,  but  no  two  such  node 
sets  are  reachable  from  each  other  in  (N,A),  by  F's  noncircularity;  it 
follows  that  (N, A)  is  indeed  acyclic.  It  is  easy  to  check  that  the  arcs 
in  A’  -  A  can  harm  the  digraph's  acyclicity  only  by  introducing  a 
(zj  ,y  j , . . . ,y  cycle;  however,  this  would  mean  that  some  clause  has 
no  true  (under  T)  literal,  and  hence  T  does  not  satisfy  F,  a  contra¬ 
diction.  In  Figure  4  wo  show  in  broken  lines  the  arcs  of  an  acyclic 
digraph  in  P(Pf.);  this  digraph  corresponds  to  the  truth  assigunent 
T(Xj)«*ru«,  T(x,)  »  false,  T(x  ()  •  false  which  satisfies  F. 

In  order  to  conclude  the  proof  we  need  to  construct  a  history  h 
such  that  P(h)  "P^..  All  nodes  of  P  correspond  to  distinct  transactions. 

To  construct  the  read  and  write  stts  of  the  transactions  (except  for 
n0>n(  and  n^),  we  start  by  having  all  read  sets  empty,  and  a  variable  x ^ 

In  the  write  set  of  each  transaction  v.  For  each  arc  (v.u) €  A  we  add  a 
variable  x^  to  the  write  set  of  v  and  the  read  set  of  u  ,  and  for  each 
bipath  ( (v.u) ,  (u,w) )  £  B  we  add  x  to  the  write  set  of  u.  Finally, 


-lfe- 


R(n  )  -  0,  W(n  )  -  {x  :v€N)  {x  :(u,v)€a)  -  R(nf),  R(n  )•  {x  :u€N), 

u  u  v  uv  lev 

W(nr)  "  0,  W(n  )-  {x  :(u,v)CA).  In  order  to  sketch  the  construction  of 
f  c  uv 

h,  we  represent  the  read  and  write  operations  corresponding  to  the  node 
v  of  Pp  by  R(v),W(v)  respectively.  We  use  v  to  stand  for  R(v)W(v). 

We  start  the  construction  of  h  from  left  to  right.  First,  for  each  clause 


C.  consisting  of  Just  negations  we  add  the  subhistorv  h(C . )  •  y . , . . .y . 

1  1  11  ltn^ 

Sext,  for  each  variable  x,  that  appears  unnegated  In  the  mixed  clause 

t'  (i.!.),D  "  *,)  we  add  the  subhistorv  h(x  )  -  R(a ,)z,  c  U(a,)R(b,)y,.W(b.) 
i  ]  IR  J  J  J  l®  J  J  J  J 

The  z.  part  appears  only  if  C.  is  purely  negated  and  A  ■  x.  .  Further, 
Ini  1  1  in  J 

If  \  "X,  lor  some  purely  unnegated  clause  C  then  v  appears  also 

pq  j  p  7pq 

after  y .  ^  .  Then  follow  subhistories  corresponding  to  the  remaining 

variables.  If  does  not  appear  unneguted  In  a  mixed  clause,  then  we 

add  to  b  the  subhistorv  h(x.)  -  R(a.)z  c.W(a  )R(b  )y  W(b . ) .  Again, 

1  j  im  J  J  J  J 

v  appears  only  ff  *  x.  for  some  purely  unnegated  clause  Cj,  and  if 
x.  also  appears  in  a  purely  negated  clause  C  (A  “  x.)  then  z  comes 

J  p  pq  J  pq 

after  z.  .  Finally,  we  have  hCC,)  -  z,,...z.  for  each  purely  negated 
in  1  11  irr  j 

clause  C,,  and  at  the  end  the  transaction  n  . 

1  c 

To  argue  that  Pp  -  p(h),  first  notP  that  all  (y  ^  ^  •  *i  J-*-l  >  ^BO<* 
arcs  are  realized  by  h,  and  that  the  subpolvgraph  of  Figure  3  is  realized 
for  each  x^  •  A^,  and  the  symmetric  subpolvgraph  for  x^  •  A^. 

Furthermore,  it  is  quite  easy  to  check  that  no  other  arcs  and  blpaths  are 


added  by  the  construction.  Hence  P  *  P(h),  which  completes  the  proof  of 


Theorem  1 


-17- 


4.  EFFICIENTLY  RECOGNIZABLE  CLASSES  OF  SERIALIZABLE  HISTORIES 

Given  that  SR  is  NP-complete,  it  is  reasonable  to  look  for  subsets  of 
SR  that  are  efficiently  recognizable.  In  this  section  we  study  several 
such  classes  of  serializable  histories. 

4 . 1  The  Class  DSR 

DEFINITION  3.  Let  h^  “  (n,n,V,S)  and  h,«  (n,ir',V,S)  be  histories. 

We  write  that  h  *\<  h  whenever  it(O)  *t'(c)  for  all  o€E  except  for 
12  n 

tvo  elements  0, ,0,  €  E  with  ir(o)»n’(o)«j,  ir(0_)“Tr'(0,)»j  +  l  for 

1  2  n  1  2  2  1 

some  1  <  j  <  n-1,  and  cither 

a.  c,i“R1*  for  somc  i*  j  <  n,  or 

b.  i»  j  <  n,  and  S  (R^ )  D  S  (W  )  -  0,  or 

c.  01-Wj,  a2  -  W  ,  i,  j  <  n,  and  S  (W^ )  0  S  <W^ )  -  0.  o 

As  an  illustration,  we  have  that 

R1lx]R2lx]w1  [xlwn[yl  'VR1lx]R2(x|H;|y]H1[x]  -v 
R2[x)R1(xjW2[ylW1  ty)  R  [xlw^  [y]  Rj  |x1wi  [x]  , 

because  at  each  step  the  next  history  is  obtained  from  the  previous  one  by 
switching  two  adjacent  symbols  obeying  one  of  the  conditions  (a) ,  (b)  and 
(c)  of  Definition  3  above. 

The  following  is  a  direct  consequence  of  Proposition  1  and  the  above 
definition : 

PROPOSITION  3.  If  h1'v'h2'  then  hi  ~  h2  * 


□ 


-18- 


Let  -  be  the  reflexive-transitive  closure  of  Since  ~  is 

symmetric,  -  is  an  equivalence  relation  which  is,  by  Proposition  3,  a 
restriction  of  H.  We  can  show  that  *  is  a  proper  restriction  of  = 
by  observing  that  for  the  two  histories 

hL  -  K3(x]R1V1[x]R2[y]U:W.}[y] 

and 

h2  "  R2  lylR3  IX,W2  W3iy  ]R!Wi  I  X1 

we  have 

hl  =  h2  ' 

but 

hl  *  h2  ' 

Me  say  that  the  history  h  is  .  -ftcr:  jlir.abl*  (DSK  if  there  is  a  serial 
history  h^  such  tnat  h  *  h(. .  Obviously,  if  a  history  is  DSR,  it  is 
certainly  SR. 

We  can  associate  with  a  history  h«  (n,T,V,S)  a  digraph  D(h) 

defined  as  follows:  The  nodes  of  D(h)  are  the  transactions  {T  ,...,T  } 

1  n 

of  h,  and  the  pair  (T^.T^)  is  an  arc  of  D(h)  if  and  only  if  either 


a  • 

som  ns<w  ) 

S  0 

and 

<  *(W. ) ,  or 

b. 

siw^)  n stp^) 

*  0 

and 

*(W. ) 
i 

<  ir(R  J  ,  or 

c. 

s (w ^ )  n siw  ) 

1  0 

and 

mw  ) 
i 

<  w(w7). 

Lf.MMA  4.  Suppose  that  for  two  histories  h^  »  (n,rr,V,S)  and 
h^  *  (n,ir*,v,S)  D(hj)  and  D(h^)  h*ve  no  cycles  of  length  2.  Then 
h^  -  h^  if  and  only  if  Dthj)  ■  D(h.,). 


-19- 


Proof.  It  should  be  obvious  from  the  definition  of  D(h)  and  the 
-  relation  that  whenever  h^  -h^,  also  D(h^)  ■  D(h^) .  Consequently, 
h  *h  implies  D(h  )  -D(h_,). 

For  the  other  direction,  assume  that  D(h^)  -Dlh,).  We  shall 
transform  h,  to  h^  by  a  sequence  of  -  transformations  as  follows: 

Take  the  symbol  in  that  is  the  first  symbol  in  (i.e.,  ti  *(1)) 

and  brinq  it  to  the  first  place  of  h,  by  successively  switching  it  with  all 
symbols  precedinq  it  in  h,;  then  take  u  *(2)  and  brinq  it  to  the 
second  position  by  switchinq  it  with  all  symbols  precedinq  it,  except 
*  *(1);  and  so  on,  until  h^  is  transformed  to  Ji^.  It  remains  to  show 
that  all  these  switchings  have  been  legal  -  transformations.  Suppose 
that  at  some  time  we  had  to  switch  0  with  in  a  manner  not 

allowed  by  Definition  3;  that  is  either 


a.  0  •  R  ,  O  »  W  ;  this  means,  however,  that  in  h,  ,  W  precedes 
1  l  2  l  1  l 

R^  ,  and  hence  h^  is  not  a  history. 


b. 

0  "  R  .  O,  •  W  and 

1  l  2  j 

S  (R , ) 
i 

n  s(w  ) 
j 

?  /.  This 

would  mean 

however , 

that  (T^ ,  T.)  is  in 

D(h2) 

and 

(T  ,T  )  is 
3  1 

in  D (h^ ) .  Since 

D(h^)  and  D(h,l  have  no  cycles  of  lenqth  2  we  can  conclude  that 
Dihj)  *  D(h,) . 


c.  Similarly  for  0  ■  W ,  ,  0,  »  W .  and  S(W.)  flS(K)  f  0.  o 

1  l  2  j  1  j 

We  can  now  prove  the  following  Theorem. 

THEOREM  2.  A  history  h  •  (n,*,V,S)  is  DSR  if  and  only  if  D(h) 
is  acyclic. 

Proof .  Suppose  that  D(h)  is  acyclic.  We  can  thus  sort 
topologically  the  set  {T^,...,T^}  of  nodes  of  D ( #1 ) .  Think  of  this 


-20- 


order  as  a  serial  history  h  .  It  is  immediate  that  D(h  )  =  D(h) ,  and 

b 

hence,  by  Lemma  4,  h  *  h^.  It  follows  that  h  is  DSR. 

For  the  other  direction,  assume  that  h  is  DSR.  We  have  two  cases 

a.  D (h)  has  a  cycle  CI\,T.,T^)  of  length  2.  This  means  that 

fl(R  )  <  *(W  )  <  tt(W  )  ,  and  S(R.)dS(W  )  ¥  /,  S (W  . ) D  (S(W,)\JS(R«))  ¥  0.  It 
i  3  1  i  )  1  J  J 

easy  to  show  that  in  all  histories  h'  for  which  h  -  h'  we  will  also 
have  tr '  (R  )  <  it '  (W  )  <  n '  (W^ ) ,  as  otherwise  h  ^  h '  ,  and  h  r  h',  by 
Proposition  3.  Hence  there  Is  no  serial  history  h^.  such  that  h  ~  h<., 
a  cont rad Ic t Ion . 

b.  D(h)  has  no  cycles  of  length  2.  By  Lemma  4,  there  is  a  serial 

history  h.  such  that  D(h)  *D(h  J.  However,  serial  histories  h^ 
have  acyclic  D(h<.),  and  hence  D(h)  is  acyclic.  o 

Theorem  2  sugqosts  that  histories  that  are  DSR  can  be  detected 
efficiently  by  checking  D(h)  for  acyclicity: 

COROLLARY  1.  Checkmq  whether  a  history  h«  (n,n,V,S)  is  DSR  can 
bo  done  in  0(|v|n^)  time.  D 

Also,  we  can  rephrase  Theorem  2  as  follows  (compare  with 
Definition  4  below): 


COROLLARY 

2.  A  history 

h 

«  (n.tr 

,V,S) 

is  DSR  if 

and  only 

if 

we  can 

find  real 

numbers  {Sj,... 

t  s  ) 

n 

such 

that 

a . 

If 

S(W  )  n  S(R  ) 

i  J 

¥ 

«* 

and 

w(W  ) 

l 

<  ir(R^) 

then 

Si 

< 

sr 

b. 

If 

s<r)  nsiv) 

¥ 

0 

and 

w(R  ) 

1 

<  S(W  .  ) 

then 

Si 

< 

V 

c. 

If 

s(w)  n  s<»o 

¥ 

0 

and 

Yt  (W  J 
1 

<  1t(W.  ) 

then 

Si 

< 

V  ° 

-21- 


4.2  The  Class  y' 

DEFINITION  4.  A  history  h-  (n,*,V,S)  is  in  Q  if  there  exist 

non-integer,  distinct  real  numbers  S^.S, . with  the  following 

properties : 


a . 

it  (R 

. )  c  S. 

i  l 

<  n  (w  ) 
i 

b. 

If 

S  (R .  ) 
i 

n  s  (w  ) 

3 

iff  i 

and 

n(R.  )  <  it(W_. ) 

then 

S  <  S 
i  3 

c. 

If 

S(W  ) 

l 

n  s (w^> 

0 

and 

then 

s  <  s  .  □ 

1  3 

The  real  mimbers  S......S  in  Definition  3  are  called  aeriali- 

1  n 

nobility  points.  Their  intuitive  meaning  is  that  the  history  h  is  the 
same  as  though  transaction  Tj  had  executed  indivisibly  at  the  time 
instance  (durinq  which,  by  (a)  above,  it  was  active),  transaction 

T.,  at  S^,  and  so  on.  As  a'i  illustration,  the  history 

h  -  RjfxlRjUlw^yjRjUlWjtxJlfjfyl 

is  in  the  class  0,  since  the  values  S  "3.5,  S^-2.5,  and  S^*4.5 

satisfy,  as  the  reader  can  check ,  the  requirements  of  the  definition. 

The  class  Q  was  independently  introduced  by  [Wo] . 

THEOREM  3.  If  h  is  in  Q,  then  h  is  DSR. 

Proof .  Conditions  (b)  and  (c)  of  the  definition  of  the  class  Q 
above  are  identical  to  (b)  and  (c)  of  Corollary  2  to  Theorem  2.  Hence 
it  suffices  to  show  that  condition  (a)  above  implies  condition  (a)  of 
Corollary  2.  Put  this  is  immediate,  because  if  ir(W^)  <ir(R^)  we  have 
that  S ^  <  n(w^)  <  n(R^)  <  S  .  ,  no  matter  what  SiR^)  and  S(W^)  are. 


-22- 


Given  a  history  h“  (n,n,V,S)  we  can  construct  another  digraph 

D' (h) — a  superdigraph  of  D(h)--with  nodi  set  again  {t  }  and 

1  n 

(T^,T^)  an  arc  if  and  only  if  one  of  the  following  holds 

a.  MW  )  <  MR.) 

l  J 

b.  MtO  <  MW^)  and  S(RJ  ns(W^)  *0 

c.  >T(Wi)  <  W(W^)  and  S(W  >ns<W  )  ?  0. 

In  other  word!  D' ( h )  contains  all  the  arcs  of  D(h)  and  possibly  some 
other  arcs  for  the  cases  in  which  MW  )  •  MR  )  and  S(R  )  (1  S(W,  )  ■  0. 

1  j  3  i 

THEOREM  4.  The  history  h  ”  (n.tr.V.S)  is  in  the  class  Q  if  and 
only  if  D' (h)  is  acyclic. 


Proof.  Suppose  that  h€Q,  and  lot  S.,...,S  be  appropriate 
-  1  n 

numbers.  Without  lors  t  generality  S.  •  S  <  •••  <  S  .  We  shall  show  that 

12  n 

whenever  (T  ,T  )  is  in  D'(h),  then  i  <  j.  Suppose  that  i  >  jj  by  the 
definition  of  D'(h)  or.c  of  the  followinj  must  hold: 

a.  MW  )  <  MR  .  >  .  However .  S  <ir(w)<tr(R)<S.,  which  contradicts 

i  )  1  i  j  j 

our  assumption  that  S,  <  S,  <  •  •  •  <  S  and  1  >  1 . 

1  2  n 

b.  MW  )<MWJ  and  S(w  )DS(W  )  ¥  0.  By  (c)  of  Definition  4, 
however,  Sj<S^,  aqain  a  contradiction. 

c.  t  (R^ )  < ’t  (w  . )  and  SIP^l  flsivi  )  W  0.  Similarly,  a  contradiction 
is  reached  by  (b)  of  Definition  4. 

Consequently,  D' (h)  is  acyclic,  since  it  is  a  subgraph  of  a  total  order. 
Tor  the  other  direction,  suppose  that  D' (h)  is  acyclic.  We  can 


sort  topoloqically  its  nodes  to  obtain  the  order,  say,  (T. ,T„ , . . . ,T  ). 

12  n 

We  can  define  the  real  numbers  S, ,S„,...,S  ,  and  S  ,  (for  convenience) 

12  n  n*l 


as  follows: 


4.3  Two-Pha  e  Locking  and  the  Protocol  P3 


A  very  influential  proposal  for  quaranteeinq  serializability  of 
update  systems  has  been  the  two-phase  locking  mechanism  of  [EGLT] — also 
discussed  extensively  in  (BS]  .  Also,  the  essence  of  a  quite  different 
serializability  principle  (which  was  used  in  the  development  of  the  SSD-1 
distributed  system  |RC,]  ,  [BGRP])  is  captured  by  the  so-called  protocol  P3 


*24- 


(see  (BS)).  In  this  Subsection  we  show  that  these  two  different 
philosophies  of  serial izabil ity  are  reduced,  in  our  model,  to  two 
efficiently  recognizable  incommensurate  subsets  of  our  class  DSR . 

The  two-phase  locking  strategy  requests  and  releases  actual  locks-- 
i.e.,  mechanisms  that  guarantee  exclusive  data  access--during  the  execution 
of  the  different  operations  of  an  update.  The  rule  that  is  proven 
sufficient  for  guaranteeing  senalizability  is:  never  request  a  lock 
after  a  lock  has  been  released.  We  have,  therefore,  two  phases:  one 
during  which  locks  may  only  be  risquestod ,  followed  by  one  during  which 
locks  can  only  be  released.  The  first  release  of  a  lock  delimits  the 
two  phases.  In  our  model  of  two-step  updates  the  authors  of  [BS)  note 
that  two-phase  locking  for  a  history  h  -  (n.fi.v.S)  essentially  amounts 


to  dividing  the  interval  from  "MR^ )  to  tr(wd  into  two  intervals: 

one  during  which  no  symbol  W  with  S(R  )  H  S  (W  )¥  0  can  exist,  followed 

i  )  i 

by  one  during  which  no  symbol  ~  with  S(C)  D  S  (W  )  ¥  0  can  exist. 

n  1 

This  is  captured  by  the  following  definition: 


DEFINITION  5.  A  history  h»  (n,7t,V,S)  is  two-phane  locked 
(notation:  h  €  2PI.)  if  and  only  if  there  exist  distinct  non-integer  real 


nunbers 

V* 

..,ln 

( th e  lookyo in  t n )  such 

that 

a . 

V  (R 

i><4i 

<  TT  (w  ,  ) 

for  l  ■  1 , . . 

.  ,n 

b. 

If 

S  (R  j  ) 

nsiwf) 

¥  ,  i  ¥  j  and  it  (Rj )  <  ^  (Wj  )  ,  then 

c . 

If 

S(Wt) 

¥  0  and  *  (V ^  > 

<"(*.),  then  )  <  t 

To  understand  Definition  5,  consider  a  transaction  (R  , )  in  a 
history  h €  2PL,  and  its  lockpoint  .  The  intuitive  meaning  of  the 
lockpoint  is  the  following:  during  the  interval  [ir(RJ,£^)  all 


\ 


-25- 


variables  in  S(H^)  are  "protected"  from  writinq  by  other  transactions, 

by  virtue  of  (b) .  Also  durinq  the  interval  (£.,n(W^))  the  variables 

in  S  (VO  are  protected  from  readinq  an.!  writinq.  Conditions  (b)  and 

(c)  therefore  essentially  say  that  the  interval  (f^.iMVO]  overlaps 

no  interval  (  £  ,  rr  ( w  ) }  with  S(W,  )  (1S(W.)  ^  0  and  no  interval  f  tt  (r  )  ,  t  ] 
k  k  k  j  k  k 

with  S(VO  flS(R^)  ft  0.  Thus,  the  second  lock  is  granted  before  the  first 
i3  released,  in  accordance  with  the  two-phase  locking  principle. 

Although  Definitions  4  and  5  differ  only  slightly  in  condition  (c) , 


the  latter  is  a  substantial  restriction.  First,  we  notice  that  2PL  c  Q. 

Indeed,  if  h  €  2PL  then  the  lockpoints  t  are  automatically 

1  n 

valid  ser ial izabi 1 i ty  points  S,,...,S  in  Definition  4.  To  see  this, 

1  n 

just  notice  for  that  condition  (c)  of  Definition  5  <  t .)  together 

with  (a)  (£  <n(K.))  imply  (<:)  of  Definition  4  (namely,  <  S^). 

To  show  that  the  inclusion  is  proper,  notice  that  for  the  history 


h  "  RiR2R3(x,wi [*iw; iy'ziw3(yi 

we  have  that  h€C  (see  Figure  5a  for  D'(h)l  but  h  t  2PL.  The  ex¬ 
planation  for  the  latter  fact  is  that  transaction  3  has  no  lockpoint  iy 
since,  if  it  had,  £?  should  obey  t ^<£^<4  (by  (b) )  and  also  >  5 
(by  (c)). 

Wo  can,  however,  check  very  efficiently  whether  a  history  h  is 

two-phase  locked.  Given  any  history  (n,ir,V,S)  we  define  the  history 

h*  ■  (2n,w*,V,S*) ,  where  h*  is  obtained  from  h  by  inserting  a 

transaction  R  W  after  W  in  h  for  j-l,...,n»  S*(R  )»0, 
n*j  n+j  j  n+j 

and  S* (W  )  »  S (W , ) ,  For  example,  the  history  h*  for  h  of  the 
n-t)  J 


example  above  is 


-26- 


h*  -  R1R,R3lx]W1  (xlR^W^j  [xlW^ly.zlR^,.  !y,z]W3(y]RfcWfe(y]  . 

THEOREM  5.  For  a  history  h  ■■  (n,TT,V,S)  h  €  2PL  if  and  only  if 
h*  €  Q. 

Proof.  Let  (t, . I  }  be  a  set  of  distinct  non-integer  real 

-  1  n 

numbers,  and  let  a l j)  be  the  number  of  positions  to  the  right  that  the 

symbol  tt  *  ( j)  was  shifted  in  h*  ;  in  other  words  a  ( j)  ■2*|{W:ir(lO  <  j }  |  . 

Consider  the  set  {s, , . . . ,S,  } ,  where  S.  ■  l .  ♦  a ( (i. 1 )  for  i <  n,  and 

1  2n  l  i  i 

S.  ■  tt(w.  )  ♦  a(ir(w.  ) )  ♦  3/2  for  i  >  n.  We  claim  that  {t.  }  is  an 
1  i-n  i-n  i 

acceptable  sot  of  lockpoints  satisfying  Definition  5  if  and  only  if 
(S^'1  is  a  set  of  serial izabi 1 lty  points  according  to  Definition  4.  Roth 
directions  follow  from  the  definitions.  The  formal  derivation  is 
omitted.  o 

To  illustrate  the  theorem,  the  history  h  above  is  in  Q,  since 
D* (h)  is  acyclic  (Figure  5a).  However,  it  is  not  in  2PL,  because  D’(h*) 
is  not  acyclic  (Figure  5b> .  Naturally,  Theorem  5  yields 

COROLLARY.  Testing  whether  a  history  h«  (n,TT,V,S)  is  two-phase 
locked  can  be  done  in  0(n^|v|)  time.  O 

We  now  turn  to  formalizing  and  studying  in  our  model  the  protocol  P3 
of  [BGRP]  and  [BS] .  Recall  the  digraph  D(h)  defined  for  any  history  h 
in  Subsection  4.1--see  Figure  6a  for  an  illustration  in  the  case  of 

h  -  Rl  IzlR^txlRjIxlWj  |z]R4W2(y,zlW4(x) 


r 


-27- 


Figure  6 


DEFINITION  6.  Let  G(h)  be  the  undirected  graph  corresponding  to 

D (h) — Figure  6b.  A  cycle  in  G(h)  is  a  sequence  (T.  ,  T  )  of 

1  m 

m  >  2  transactions  such  that  [T  ,T  ]  .ire  edges  of  G(h)  , 

J  Vl 

j  •  1 , . . . ,m-l ,  and  so  is  [T  ,T  J.  Notice  that  all  edges  are  cycles 

m  l 

according  to  this  definition.  A  cycle  (T^  ,  ...,T^  )  is  bad  if 

1  m 


[SfJ^  )  U  S(Wi  ))dS(Hi  )  4  0, 
mm  1 

and 

S(R  )  0  S(W  )  *  0  .  O 

i,  1  „ 


Notice  that  in  the  above  definition  the  first  node  of  a  cycle  and 
the  order  of  listing  of  the  nodes  are  important.  For  example,  in 
Figure  6  (T^.T^)  is  a  bad  cycle,  whereas  (T_,,T^)  is  not.  Rad  cycles 

are,  intuitively,  those  cycles  that  can  correspond  to  a  directed  cycle  in 
D(h')  for  some  other  history  h'  involving  the  same  transactions. 


DEFINITION  6  (continued).  Let  h  *  (n,ir,v,S)  be  a  history.  We  say 
that  T^  is  a  pivn'duzn  of  T.  if  there  exists  a  bad  cycle 
(T  ,T  , . . . #T  )  in  G(h).  We  say  that  h  obeys  the  protocol  P3  (notation 

1  j  K 

h€p3)  if  whenever  T.  is  a  guardian  of  T;  we  do  not  have  ^t(R^)  <  n (W^ )  <  s (W^ ) . 


For  example,  consider  the  history  h  of  Figure  6.  The  only  bad 
cycle  in  G(h)--Figure  6b— is  (T^r,),  and  hence  the  guardian  relation 
is  simple:  just  T,  is  a  guardian  of  .  Since  n(W2)  >n(**j)»  we  have 
that  h  €  P3. 

THEOREM  6.  Suppose  that  h»  (n,n,V,S)  is  in  P3.  Then  it  is  also 
in  DSR. 


Proof.  We  shall  show  that  h € P3  implies  that  D(h)  is  acyclic. 

Suppose  that  D(h>  has  a  cycle  (Tj,^ . Tj.  m>2.  Consider  the  arc 

(Tj.T1  +  1)  of  D(h)  --addition  mod  m;  we  have  three  cases: 

a.  S( W.  )  ns(W  ,  >  fil  and  n(W  )  <  ir(W  ,  )  . 

j  j+l  3  3+1 

b.  S(W;)  HS(R|  +  1)  *  0  and  71  (W^ )  <  it  (R  ,  . 

c.  S(R.)  0  S(W.+1)  t  0  and  ir(R^)  <  IMW^)  • 


Notice  that  In  both  cases  (a)  and  (b)  we  have  that  »(W^)  <  it(W^+^),  and 

that  more  than  one  case  may  be  applicable  to  the  same  arc.  Case  (c)  is 
spilt  into  two  subcases. 

(cl)  Cases  (a)  and  (c)  do  not  apply  to  the  arc  (T^  j.T^). 

(c2)  J  *  1 ,  or  case  (a)  or  case  (c)  applies  to  (T^  ^.T^). 

In  case  (cl)  we  have  that  * (W^ _ j )  < *  (R ^ )  < *  (W  ^  ^ )  .  In  case  (c2),  however 
we  notice  that  a  guardian  of  T^.  Consequently,  since  *(R^)  f 

"(W^j)  we  must  necessarily  have  that  *  (W^ )  <  it  (W  ^  +  ^ ) . 

Now,  consider  the  operations  <3^,  J  -  l,...,m,  where  0^  -  if 
case  (cl)  is  applicable  to  the  arc  (T^,Tj+j)  *  an<*  otherwise. 

We  have  shown  that  *(0^)  <  it(O^j)  for  J  •  1 . m  (addition  mod  m). 

This  is  a  contradiction,  since  it  Implies  that  it  (W,  y  it  (W, ) . 


n 


-29- 


Ttieorem  6  implies  the  following,  independently  proved  in  [BS) . 
COROLLARY .  Histones  that  obey  the  protocol  P3  are  serializable,  o 


Oar  next  result  concerns  the  complexity  of  recognizing  those  histories 
that  obey  protocol  P3.  By  the  definition  of  this  class,  this  complexity 
is  determined  by  the  complexity  of  computing  the  guardian  relation  among 


the  transactions  in  a  history.  We  shall  show  how  this  relation  can  be 


computed  efficiently.  For  each  transaction  ,  let  T(T.)  be  the  set 

of  all  transactions  T.  that  satisfy  S(R^)  flS(»0  ?  0.  TTius ,  TlT.) 

is  the  set  of  all  transactions  that  are  possibly  guardians  of  T\  .  To 

determine  whether  a  transaction  T^CTlT^)  is  indeed  a  guardian  of  T^  , 

we  delete  all  edges  (T  ,T^)  such  that  S(W^)  (3  (S(W^)  US(R^)J  ■  0  from 

G(h),  and  then  determine  whether  and  T are  on  the  same  biconnected 

component  of  the  resulting  graph.  This  can  be  done  in  O(n^)  time  by 

the  algorithm  of  {Taj.  If  T.  and  T  are  on  the  same  biconnected 

component,  this  means  that  there  is  a  bad  cycle  (T  ,T  ,...,T  )  in  G(h) , 

j  1  K 

and  hence  is  a  guardian  of  T^;  otherwise,  it  is  not.  Repeating  this 

2  2 

for  all  T  's,  we  get  an  algorithm  of  total  complex  ity  0 (n  ( | V ]  ♦  n  ) ) . 


Hence  we  have 


-30- 


THEOREM  7.  Testing  whether  a  history  h«  (n,u,V,S)  € P3  can  be 

2  2 

done  in  0(n  (|v|  ♦n*'))  time.  a 

4 . 4  The  Class  SSR 

Certain  histories,  though  perfectly  serializable,  have  a  curious — and, 
according  to  some,  undesirable--property .  Consider,  for  example,  the 
history 

h  -  R1[x]R2Wj[x]R3W?[y,z)W1[y]  . 

This  history  is  serializable.  However,  the  only  serial  history  equi¬ 
valent  to  h  is  easily  shown  to  be 

hs  ’  R1vVV'zlR1  !x1wj  ly)R2w, lx] 

What  is  interesting  is  that  in  h  transaction  2  has  completed 
execution  before  transaction  3  has  started  executing,  whereas  the  order 
in  hg  has  to  be  the  reverse.  This  phenomenon  is  quite  counterintuitive, 
and  it  has  been  opined  that  perhaps  the  notion  of  correctness  in  trans¬ 
action  systems  has  to  be  strengthened  so  as  to  exclude,  besides  histories 
that  are  not  seria 1 izable ,  also  histories  that  present  this  kind  of 
behavior.  This  leads  to  the  following  definition: 

DEFINITION  7.  A  history  h*  (n,it,V,S)  is  said  to  be  serialisable 
in  the  strict  sense  (notation:  h € SSR) .  If  there  is  a  serial  history 
h  "  #V,S)  such  that  hlh  ,  and  it  (M.  )  <  ir(R  . )  implies 

s  i  3 


IT*  (W.  )  <  W  (R^)  . 


□ 


-31- 


It  is  not  hard  to  verify  that  all  histories  in  the  class  Q  satisfy 

Definition  7.  To  see  this,  recall  that  a  history  h  in  Q  has  a  set  of 

serializability  points  S  <  S, <  . . .  <  S  ,  say,  such  that  h„ *  R  W  • • *R  W  = h. 

12  n  Sllnn 

Now,  if  it  (W.  )  <  n  (R  )  ,  we  have,  by  the  def  ini  t  ion  of  S ,  ,  S.<tt(W,)<ti(R.) 

i  3  l  l  i  3 

<  S^,  and  therefore  i<  j.  Hence  transactions  i  and  j  have  the  same 
order  in  hg  that  they  have  in  h.  It  follows  that  Q  c  SSR. 

Nevertheless ,  the  classes  Q  and  SSR  are  not  the  same,  as  con¬ 
jectured  by  [Wo] .  A  counterexample  is 

h  -  R^  [ r ] R-,  It]w^[x,z]Rj[x]w^  [x,y]w^[z]R^  (y)W^(x) 

This  history  is  equivalent  to  the  serial  history 

hS  ’  [x,y)R  [zlw , [x,z]R^[x)W^(«]R^(y]W^ [x]  , 

satisfying  Definition  7.  However,  h  is  not  In  Q;  to  check  this,  just 
notice  that  the  diqraph  D' (h)  shown  m  Fiqure  7  is  not  acyclic.  It  is 
not  known  whether  the  class  SSR  Is  efficiently  recogn 1 zahle . 


Fiqure  7 


4. 5  Summary 


The  topography  of  the  set  of  all  histories  H  and  its  subclasses 
SR,  S  (the  serial  histories),  Q,  SSR,  DSR,  P3  and  2PL  is  depicted  in 
Figure  9.  The  inclusions  shown  either  follow  from  the  results  of  this 
section,  or  are  straight-forward.  We  also  show  below  an  example  of  a 
history  for  each  of  the  12  regions  in  this  diagram. 


Figure  H 


Ix]Wi [x]R?(x]W, [x] 

R1fx}R2[y]Wi  (x)Wjyl 

V:VxiVx,w:(y'2,hVyI 

B: [x1r;W2  •ylw1 (zlR^WjIy.*) 

h3  *  h4 

R:  tz,Riw.-  U.zlR^xlWjUlWj  (x,ylR4(yjW4fxJ 

P3  » *  1 R  x  W  j  IxlRjtylW^Wjly] 

R  ,  tz|R1 t*]M  ,tx.s)R3[x]W1 [x,y]W3(z]R4[y]W4 

*1*3*3  fx,IVx,Wl  fx)K,[x) 

h7  *  h4 
h7  *  h9 

Rx  Jx]R,[x)Wl  fxlWjx) 


-34- 


5.  RESTRICTIONS  ON  THE  READ-  AND  WRITE-SETS 

It  turns  out  that  if  w«  impose  certain  restrictions  on  the  structure 
of  the  map  S  of  a  history — i.e.,  the  read-  and  write-sets  of  the  trans¬ 
actions  in  the  history — the  topography  of  H  (shown  in  Figure  8  for  the 
general,  case)  is  simplified  considerably.  The  most  striking  such  result 
is  that  of  (StR) .  a  basic  assumption  in  the  model  of  1SLR) --which  is 
otherwise  more  general  than  the  present  in  that  it  allows  more  than  two 
steps--is  that  no  database  entity  (or  variable)  is  updated,  unless  it  has 
been  previously  read.  In  our  model  and  notation,  this  means  that 
S(W  )  c  S(R  ).  What  is  surprising,  is  that  serial izability,  an  NP-complete 
predicate  in  our  model ,  is  efficiently  decidable  in  theirs.  We  explain 
this  in  view  of  our  previous  discussion  as  follows: 

THEOREM  7.  Suppose  that  for  a  history  h «  (n,t,V,S)  we  have 
S(W  )  c  S(R  )  for  j«*l,...,n.  Then  h  is  serializable  if  and  only  if 
h  is  in  DSR. 

Proof .  It  suffices  to  show  that  if  SfC^)  (lstcj  1  $  and 

T(0,)  <11(0.,)  for  0,,  O,  €  1.  such  that  at  least  one  of  0,,  a.  is  a 

1  2  1  2  n  12 

write  symbol,  then  (0^)  <  t'lO,)  in  any  history  (n,w',V,S)  equi¬ 
valent  to  h.  Suppose  that  ^ Wj >  0 1  “  w ,  •  S(W^)  and  S(W^)  share 

a  variable  x,  which,  by  hypothesis,  is  also  in  S(Rj)  and  SfR^). 
Consequently,  in  h  T1  reads  x  front  either  T^  or  from  another 

transaction  which,  by  the  same  argument,  reads  x  from  another,  and  so 

on,  up  to  Tj .  Now,  notice  that  the  S(R^)  3  S(W  )  assumption  implies 
that  in  any  serializable  history  there  can  be  no  dead  transactions.  Hence, 


V,S)  equivalent  to  h  we  must 


by  Proposition  1,  in  any  history  (n,n 


The  other  two  c.ises  are  settled  very 


also  have  it 


similarly 


It  turns  out  that  the  rest  of  the  classes  of  histories  discussed 


previously  have  a  cons iderably  simpler  structure  under  the  assumption 
that  S(W  )  c  S(R  ).  We  show  below,  without  proofs  the  corresponding 


Qsssr 


Figure  9 


Under  a  different  restriction  on  S,  the  class  SSR  coincides  with  SR 


THEOREM  8.  Suppose  that  in  a  history  h*  (n,n,V,S)  there  is  a 


n  we  have 


x  )  c  V  such  that  for  j  -  1,2 


Then  h  is 


serializable  if  and  only  if  h 6 SSR 


Sketch  of  Proof.  Imagine  that  the  variable  x 


nailing  whether  transaction  T^  has  completed.  Therefore,  if  T^  completed 
in  h  before  T  started,  the  same  must  hold  in  any  other  history  equivalent 


36- 


6.  SCHEDULERS  OF  HISTORIES 

The  practical  importance  of  the  classes  of  histories  2PL  and  P3 
discussed  in  Section  4  stems  from  the  fact  that  they  are  known  to 
correspond  to  simple  schedulers.  A  scheduler  for  a  class  of  histories 
(to  be  defined  formally  below)  is  generally  an  algorithm  that  takes  as 
an  input  an  arbitrary  history--possibly  non-serial i::able--and  returns  a 
history  which  is  the  “closest"  to  the  given  one  among  those  belonging  to 
the  class.  If  the  class  is  a  subset  of  SR,  therefore,  the  scheduler 
guarantees  that  its  output  history  is  serial irable.  Such  a  scheduler 
can  be  used  in  the  senalirability  comjonent  of  the  datalvasc  management 
system.  Of  course,  m  practice  one  would  exjx’ct  that  a  scheduler  operates 
on-line  and  is  reasonably  efficient. 

The  history-input  of  the  scheduler  is  the  sequence  of  arriving 
user  requests.  The  output  of  the  scheduler  is  the  actual  execution 
sequence.  The  basic  fact  that  makes  our  approach  very  different  from 
previous  work  on  concurrency  control  which  was  motivated  by  operating 
systems  (e.g.,  the  notion  of  of  (CD))  is  that  the  supplier 

of  this  input  history  Is  a  population  of  users,  each  user  being  unaware 
of  the  actions  of  the  others.  This  implies  that  the  order  of  arrival 
of  these  requests  has  no  semantic  content  whatsoever,  and  therefore 
the  scheduler  is  not  bound  to  produce  an  output  which  is  equivalent 
(or  related  in  anv  prescribed  way)  to  the  input.  In  fact,  the  operation 
of  the  scheduler  becomes  interesting  and  Important  exactly  when  the 
scheduler  must  necessarily  transform  the  input  to  an  inequivalent  output, 
because  the  input  is  non-serial  liable,  say. 


-  36a- 


There  are,  however,  certain  performance  criteria  that  the  input- 
output  mapping  of  a  scheduler  should  satisfy.  For  example,  a  trivial 
scheduler  which  guarantees  ser ial lrahi 1 i ty  is  the  one  that  outputs 
only  serial  histories.  This  is,  however,  too  restrictive  a  mechanism 
to  be  of  practical  value.  Intuitively,  the  richer  the  output  class, 
the  more  powerful  the  scheduler,  because  a  less  restrictive  class 
of  histories  will  recjuire  less  reshuffling  of  the  oj>erations  and  will 
cause  fewer  and  shorter  unnecessary  delays.  Ideally,  we  would  like  to 
have  a  atria' ixir,  whose  output  spans  all  of  SR.  Unfortunately,  we 
shall  noon  see  that  the  existence  of  such  a  practically  useful  device 
is  very  improbable. 

DEFINITION  S.  Tlie  metric  d(.,.)  on  the  set  H  is  defined  as 
follows : 

a.  d(  (n,",V,S)  ,  (n,C,V,S))  »  n-max{jit*  1  ( i  >  -  0  1  ( i )  ,  i  •  1 , . .  . ,  j  }  . 

b.  d(  (m,n,V,S)  ,  (n,p,W,T))  •  ®  if  any  one  of  ro^n,  V  f  W, 

S*T  holds.  o 

The  distance  between  two  histories  defined  on  the  same  set  of 
transactions  is  therefore  r.  minus  the  length  of  their  longest  coanon 
prefix.  Notice  that  d(.,.)  satisfies  the  metric  axioms.  A  variety  of 
other  metrics  would  suffice  for  what  follows. 


DEFINITION  S  (continued) .  Let  C 

A  s  ’he  hiler  for  c  is  a  function  A  :H 

c 

d  (h , A  (h) )  - 

c 


be  a  non-empty  subset  of  H. 
C  such  that 


□ 


min{d(h,h')  :h'€  c) 


-37- 


Thus,  A  can  bo  thought  of  as  projecting  H  onto  C  under  the 
metric  d(.,.).  Notice  that  A  (h)  and  h  will  not  be  equivalent  in 
general.  The  metric  d(.,.)  requires  that  A_  leaves  histories  in  C 
intact,  and,  in  fact,  it  leaves  intact  as  long  prefixes  of  arbitrary 
histories  as  possible. 

Let  us  restate  now  the  assumptions  of  our  model  of  schedulers 

(a) .  A  scheduler  A  minimizes  the  d-distance  between  its  input 

c 

and  its  output.  This  intuitively  means  that  the  scheduler  operates  on¬ 
line,  and,  furthermore,  that  it  acts  in  an  ;  ti’riet:  '  way:  As  long  as 
the  history  seen  so  far  could  possibly  be  extended  to  a  correct  history 
(here  by  "correct  history"  we  mean  one  which  the  scheduler,  in  its  lim¬ 
ited  sophistication,  recognl.-es  as  correct,  or,  equivalently,  an  ele¬ 
ment  of  C  «  A  (Ht)  the  scheduler  does  not  intervene  to  rearrange  read 
and  write  requests.  As  a  corollary,  if  the  scheduler  is  fed  with  its 
own  output,  it  leaves  it  intact;  it  is  therefore  :  tent,  or  a  projection. 

This  is  a  quite  reasonable  assumption  to  make .  Although  we  cannot 
totally  exclude  the  possibility  of  schedulers  that  operate  otherwise 
(for  example,  anticipating  future  requests  that  will  make  the  history 
non-serial  izable) ,  all  schedulers  proposed  in  the  past  satisfy  this 
Assumption.  Any  scheduler  Implemented  by  natural  constructs  such  as  locks 
(K.P),  (EGLT)  or  queues  has  this  property. 

(b) .  Among  all  histories  in  C  that  have  the  longest  possible  common 

prefix  with  the  input  history,  A  selects  any  one  as  its  output.  Clearly, 

c 

in  practice  this  choice  would  be  made  so  as  to  minimize  some  more  refined 
metric  d'.  However,  the  results  obtained  below  for  our  weaker  metric 


-37a- 


d'  would  apply  Co  more  relaxed  metrics.  Coo. 

We  say  that  A^  is  an  efficient  t*  -heduler  if  A  Is  computable  in 
polynomial  time.  Our  goal  in  this  Section  is  to  understand  which  classes 
of  histories  have  efficient  schedulers.  It  is  tempting  to  conjecture 
that  if  a  class  is  in  P,  then  it  has  an  efficient  scheduler.  This 
conjecture  is  not  plausible,  because,  consider  the  following: 

EXAMPLE.  Let  E-lh^hgih^.  is  serial,  and  hlhj.}. 

Obviously,  E  can  be  recognized  in  polynomial  time ;  the  algorithm 
involves  splitting  a  given  history  in  two  halves,  testing  whether  the 
second  half  is  serial,  and  whether  the  second  half  is  equivalent  to  the 


-38- 


first.  However,  it  is  also  easy  to  see  that  E  cannot  have  an  efficient 
scheduler,  unless  P  •  NP.  Suppose  that  F.  has  an  efficient  scheduler 
A^.  Then  we  could  test  whether  an  arbitrary  history  h  is  serializable 
by  first  computing  A^fh.h),  and  then  checking  whether  AE<hoh)  starts 
with  h.  Since  A£  is  supposed  to  leave  unchanged  as  long  prefixes  of 
its  input  as  possible,  it  will  alter  the  first  half  of  hoh  only  if  h 
is  not  serializable.  Since  serial izabil ity  is  known  to  be  NP-complete,  E 
cannot  have  an  efficient  scheduler  unless  P »  VP.  o 

Our  next  result  essentially  says  that  efficiently  recognizable 
classes  have  efficient  schedulers,  unless  they  are  as  pathological  as 
our  example  E  above.  Let  h«  (n,it,V,S)  be  a  history,  considered  now 
as  a  string  of  symbols  representing  n,V,S  and  the  permutation  it. 

A  prefix  of  h  in  an  inJtiai  segment  of  this  representation,  containing 
the  encoding  of  n,  V,  S,  as  well  as  an  initial  part  of  it — i.e., 

<n  ( 1 ) ,  it  *(2),...,it  1(j)>  for  some  0  <  j  <  2n.  If  C  is  a  class  of 
histories,  then  PR(C)  is  the  set  of  all  prefixes  of  all  histories  in  C. 

THEOREM  9.  Let  C  be  a  subset  of  H.  C  has  an  efficient  scheduler 
if  and  only  if  PR(C)  €  P. 

Proof.  Suppose  that  C  has  an  efficient  scheduler  A^ .  In  order 

to  determine  whether  a  string  g  is  a  prefix  of  a  history  h€C  we  may 

act  as  follows:  we  first  verify  that  g  contains  encodings  of  n,  V, 

and  S,  together  with  an  initial  segment  0  of  a  permutation  it  of  I  . 

n 

We  then  generate  a  ocmpletio>\  0  of  0  by  juxtaposing  to  p  the 
symbols  such  that  R ^  but  not 


is  present  in  P,  and  then  the 


strings  for  all  j's  such  that  neither  R^  nor  W.  appears  in 

0.  We  then  calculate  h'  *  A  ((n,p,V,S)).  It  is  straightforward  to  see 

c 

that  g  is  a  prefix  of  h*  if  and  only  if  g€PR(C).  Thus  we  can 
efficiently  determine  whether  q€PR(C). 

For  the  other  direction,  suppose  that  PR(C)  €  P.  Based  on  the 
recognition  algorithm  for  PR(C)  we  design  an  efficient  scheduler: 
shown  in  Figure  10.  A  computes  A  (h )  •  (n,P,V,S)  by  determining  P 
element-by-element.  It  should  be  obvious  that  A^  operates  as 
prescribed  within  a  time  bound  of  0  (n“"C  (n,  j  V  | ) )  ,  where  C(n,|vj)  is 
the  complexity  of  recognizing  PR(C) .  The  Theorem  follows.  ° 

It  is  now  easy  to  link  the  discussion  of  Sections  3  and  4  with  the 
existence  of  efficient  schedulers.  We  get  two  types  of  results: 

OOROLI^RY  1.  Unless  P-VP,  SR  has  no  efficient  scheduler.  o 

COROLIARY  2.  The  classes  S,  2PL,  P3,  Q,  DSR  have  efficient 

schedulers . 

Proof .  We  have  shown  that  these  sets  are  in  P;  it  is  usually 

straightforward  to  show  that  their  sets  of  prefixes  are  also  in  P  (this 

is  not  a  general  property  of  P;  there  are  languages  in  P  that  have 

non-recursive  sets  of  prefixes).  As  an  illustration,  we  will  sketch  a 

proof  that  PR(P3)  €  P.  First,  given  an  encoding  of  n,  V,  S,  and  a 

segment  p  of  w,  we  first  compute  from  S  the  digraph  F  of  the  guardian 

relation  among  (T, ,...,T  }.  We  next  make  sure  that  whenever  T,  is  a 
In  j 

guardian  of  T^  and  p(W^)  is  defined,  then  either  p(N.)  <  p(W  ),  or 
p(R^)>p(W^),  or  ptR^)  is  undefined.  Finally,  we  make  surt  that  p 


-40- 


Scheduler  A 

C 

Input:  a  history  h"  (n,7T,V,S) 

Output:  a  history  h'  »  (n,p,V,S)€C  such  that  d(h,h')  is  the 

smallest  possible,  if  such  an  h'  exists. 

begin 

if  (n,<  >,V,S)  (f  PR (c)  then  return 

oorrnent  <  >  is  the  empty  permutation; 
else  begin 

p  »■<  >» 

for  j  »  1 , . . . , 2n  do 
begin 

done:  •  false; 

for  i  »  j ,  j*l , . . . , 2n  do  until  done 
if  {n,<p,ir‘l  (i)>,V,S)  €  PR(C)  then 
begin 

done:  *  true; 
interchange  w“*(i)  and 
o t  -  <p,ir  1  (i)>» 
end; 

end; 

end; 

return  (n,p,V,s)i 
end 


Figure  10 


-41- 


can  be  completed  in  a  manner  not  violating  P3.  It  turns  out  that  this 
amounts  to  verifying  that  the  restriction  of  F  to  the  transactions 
that  are  active  (i.e.,  P(R^)  is  defined  but  0  (W  )  is  not)  is  acyclic 

(a  discussion  of  this  part  follows  the  proof).  Hence  we  have  an 
efficient  algorithm  for  PR(P3).  o 


We  show  in  Figure  11,  without  proofs,  stylized  versions  of  efficient 
•.chedulers  for  the  classes  2PL  (lib).  P3  (11a),  DSR  and  Q  (11c;  for  Q 
we  also  include  the  two  statements  labeled  Q) .  besides  serialitability, 
these  algorithms  must  also  guarantee  the  absence  of  deadlooke.  The 
issue  of  deadlocks  appears  to  be-  orthogonal  to  that  of  serialitability, 
and,  in  fact,  clever  serial izabil lty  methods  are  known  to  introduce 
increased  danger  of  deadlocks  of  the  "circular  waiting"  variety  ( (CD) , 
pp.^0  10).  A  unified  treatment  of  serialitability  and  deadlocks  in  a 
restricted  data  model  is  attempted  in  [SK].  In  all  cases  of  interest  to 
is,  deadlocks  can  be  prevented  by  testing  a  dynamically  changing  dwU-Ock 
rnzph  for  acyclicity.  For  example,  in  two-phase  locking  deadlock  can 
■>ccur  if  a  number  of  transactions  have  each  locked  their  read-set,  and 
ire  awaiting  for  each  other  to  release  their  locks.  Hence,  in  this  case 
the  deadlock  qraph  has  variables  as  nodes,  and  has  an  arc  from  x  to  y 
if  and  only  if  some  transaction  currently  on  phase  1  reads  x  and  writes 
y.  In  P3  the  deadlock  graph  is  the  restriction  of  the  guardian  relation 
to  the  currently  active  transactions--this  was  mentioned  in  the  proof  of 
Corollary  2  to  Theorem  9.  Finally  the  deadlock  graph  in  DSR  (resp.,  Q) 


has  as  nodes  the  active  transactions  and  includes  the  arc  (T.,T^)  if 


and  only  if  there  is  a  path  from  T^  to  T^  in  D(h)--resp.  D' (h) — 
and  S(W  )  ns(W  )  *  0. 


Our  notation  in  Figure  11  assumes  that  the  process  or  VT  i 

initiated  as  soon  as  a  corresponding  read  or  write  requests  arrive. 


We  use  constructs  such  as  vtu:n  (denoting  the  awaiting  for  a  condition) 


and  {begin . . . iend  (bracketing  statements  that  are  to  be  executed 
indivisibly) .  It  should  be  obvious  that  these  algorithms  can  be 


implemented  deterministically  and  efficiently  on  any  standard  model  of 


computation . 


-43- 


prooeaa  fr 

U'.en  the  deadlock  graph  with  T.  is  acyclic  do 
output  (R.) 


prooeaa 

•JfUtn  T\  is  not  the  guardian  of  an  active  transaction  do 
output  ( W  ^ ) 

(a) 


proecaa  R^ 

uhen  the  deadlock  graph  with  is  acyclic  and 

no  variable  is  S(R^)  is  read-locked  Jo 


ilagin 


write-lock  all  variables  in  S(R^); 
output  ( R  ^ ) 


tend; 


•jf-.on  a  process  w,  with  SIW^)  ns(R.l  ?  (5  or  i  "  3  has  beer,  initiated  and 


no  variable  in  S(W)  -  S(R^)  is  writelocked  io 


ibagin 


write-lock  and  read-lock  all  variables;  in  S(WJt 
un-write-lock  all  variables  in  S(R  )  -  S (VM  . 


ie>id 


pro<?«fie  w  ^ 

vhen  R^  has  terminated  do 
ibegin  output  (w^ ) 


vend 


unlock  all  variables  in  S(W.) 


(b) 


Figure  11 


-45- 


7.  DISCUSSION 

We  shall  consider  extensions  of  our  results  in  three  directions: 
general  multi-step  transactions,  interpreted  transactions,  and 
distributed  databases. 


7 . 1  Multi-step  Transactions 

We  shall  briefly  discuss  how  our  entire  development  of  Sections  2 
through  6  can  be  easily  extended  to  a  far  more  general  multi-step  model  of 
transactions.  We  consider  transactions  that  consist  of  sequences  of 
steps;  each  step  mav  Involve  both  reading  and  writing.  The  values  written  must 
be  considered  as  uninterpreted  functions  of  all  variables  read  at  the 
present  or  previous  steps  of  the  same  transaction.  Our  definition  of 
liveness  now  applies  to  individual  steps  of  transactions.  No  further 
modifications  are  necessary  for  stating  the  analog  of  Proposition  1. 

Serial izabi lity  is  obviously  NP-complete  in  this  model,  as  it 
subsumes  ours.  Assuming  that  no  transaction  reads  intermediate  results 
of  another  or  reads  two  different  versions  of  the  same  variable  at  two 
different  steps--in  which  case  the  history  is  not  serializable — Lemma  2 
is  also  valid.  The  four  serial izabi 1 ity  principles  discussed  in  Section  4 
remain  virtually  unchanged — in  fact,  two-phase  locking  was  initially  pro¬ 
posed  for  a  similar  model  in  [ECI.TJ.  For  another  example,  we  shall  describe 
in  a  somewhat  more  detailed  manner  the  generalized  F3  class  of  histories. 

In  the  multi-step  model  a  step  s  of  a  transaction  ran  be  an  (i )- guardian 


of  another  transaction,  where  i<  j  are  steps.  This  means  that  s 
interaota  with  i--i.e.,  either  its  write  set  includes  variables  of  i. 


or  vice-versa — and  there  is  a  chain  of  interactions  from  s  to  j.  If 
this  is  the  case,  s  is  not  allowed  to  occur  between  i  and  j.  This 
P3  protocol  always  yields  DSR  (and  hence  serializable)  histories. 

For  the  classes  DSR  and  Q,  we  have  similar  graphs  D(h)  and  D' (h) .  An 
arc  (T^.TJ  is  in  D(h)  if  a  step  of  T^  interacts  with  a  subsequent 

step  of  T  .  For  D' (h) ,  it  may  just  be  that  the  last  step  of  T^ 
precedes  the  first  step  of  T  .  The  acyclicity  of  D(h)  again  guarantees 
serializability,  and  that  of  D'(h)  strict  serial izability.  Hence,  these 
remain  two  most  general  serializability  techniques,  subsuming  two-phase 
locking  and  F3,  in  this  qeneral  setting,  too. 

Finally,  it  is  easy  to  see  that  the  results  of  Section  6--the 
necessary  and  sufficient  condition  for  the  existence  of  efficient 
schedulers  and  its  corol lar ies--apply  even  more  directly  to  multi-step 
histories.  We  hope  that  the  reader  is  by  now  convinced  that  introducing 
general  multi-step  transactions  would  have  resulted  in  an  unmanageably 


cumbersome  notation  but  in  very  few  new  important  ideas. 


7. 2  Interpreted  Transactions 

A  significant  departure  from  our  model  would  be  to  look  more  closely 
into  the  computations  performed  by  the  transactions  and  exploit  their 
details  for  studying  serializability — or  correctness,  in  general.  If 
only  syntactic  Information  about  the  transactions  is  available  (e.g.,  the 
read-  and  write-seta)  then  serializability  can  be  formally  proved  to  be 


-46a- 


the  right  concurrency  concept  (KP).  If,  however,  semantics  of  the 
functions  performed,  or  even  the  Integrity  constraints,  are  known,  then 
It  may  be  the  case  that  more  liberal  concurrency  principles  than  serlali- 
rabllity  are  applicable.  An  example  Is  the  correctness  theory  proposed 
In  [Lai],  where  the  concurrency  control  mechanism  takes  Into  account  In¬ 
formation  about  the  semantics  and  integrit\  constraints  supplied  by  correct 
ness  proofs  of  the  Individual  transactions.  The  extent  to  which  such 
Information  Is  helpful  Is  Investigated  In  [ KP ] . 

It  Is  doubtful  whether  complete  semantic  Information  can  be  used 
effectively  for  concurrency  control.  Any  reasonably  complex  domain  of 
interpretation  (e.g.,  arithmetic)  would  soon  make  the  ser i a  1 1 zab 1 1 1  tv 
problem  undecidable.  There  should  be,  however,  ways  to  use  partial 
semantic  Information  In  order  to  improve  our  understanding  of  serial  1- 
lablllty.  One  possibility  is  to  use  the  fact  that  tw  t ransact Ion# 
perform  precisely  the  same  function:  one  of  the  lmpl 1  at  Ions  Is  that  they 
commute.  It  Is  not  too  hard  to  see  that  this  adds  nothing  to  the  model 
developed  thus  far.  Inc ldenta 1  Iv .  this  allows  us  to  extend  our  original 

model  so  as  to  permit  multiple  occurrences  of  a  transaction  in  a  history. 

Another  possibility  would  be  to  selectively  consider  certain  very 
simple  transactions  to  he  interpreted.  A  good  example  of  a  very  common 
transaction  that  performs  a  wel 1-understood  function  Is  the 
a  transaction  that  reads  x  and  later  records  Its  value  at  y.  Seriallra- 
blllty  become  trickier.  For  example  the  hlstorv 

h  -  !*]BrP3[*lw,(x)wi(y]R4[y]W4lx]Rslx|wc.  IxlWj  |*1 


-4  7- 


ls  not  serializable  in  our  ordinary  sense,  but  becomes  equivalent  to  the 

serial  history  h  "T  T  T  T  T  once  we  assume  that  transactions  3  and  4 
•>  J  1  *  J  *» 

are  copiers.  Proposition  1  becomes  somewhat  more  complex  in  the 
presence  of  copiers.  However,  it  is  interesting  to  note  that  if  copiers 
are  restricted  not  to  read  variables  from  other  copiers,  then  the 
introduction  of  copiers  adds  no  strength  to  our  model,  and  Proposition  1 
and  Lemma  2  remain  unchanged  under  this  assumption.  This  remark  plays 
an  important  role  m  the  next  topic  of  our  discussion. 


7.3  Distributed  Databases 


There  is  a  large  body  of  literature  aiming  at  the  understanding  of 
the  quite  elusive  notion  of  distributed  computing  (see,  for  example  i'.a2]). 
Distributed  databases  have  inherited  some  of  the  intricacies  of  this 
area  (RG] ,  (Th].  We  shall  limit  our  discussion  to  the  case  of  two 

complete  copies  of  the  database  in  different  locations,  although  there 
are  difficulties  which  first  aj>pear  in  the  cases  of  three  copies  or  of 
selective  redundancy  (BSRG) .  A  major  problem  is,  what  happens  when  a 
transaction  is  run  in  one  location,  thus  chanqing  only  one  of  the  two 
copies.  A  simile  technique  for  solving  this  would  be  to  send  an  uf\iate 
me 8 gage  [BGRT]  to  the  other  location  as  soon  as  the  transaction  has 
completed.  We  have  therefore  a  sequence  of  genuine  transactions  and 
update  messages  running  In  the  system,  and  we  can  thus  view  the  two 
copies  of  the  database  as  a  single  database--think  of  the  two  copies  of 
the  variable  x  as  two  variables  x,  and  x,. 

A  difficulty  appears  when  wo  try  to  define  a  history.  The  distributed 
nature  of  our  computation,  the  comminiration  delays  and  imperfect  clocks 
make  temporal  prior ity--on  which  our  ordinary  notion  of  history  was 
based--less  tangible.  The  observation  here  is  that  mistakes  in  our 
arrangement  of  the  events  which  are  due  tr  the  above  factors  preserve 
history  equivalence.  Hence,  we  can  put  together  a  h l s to ry - - the  global 
log  of  [BGRT) --as  long  as  it  is  consistent  with  local  priorities  and 
arrivals  of  messages.  Now,  the  update  messiges  are  in  fact  just  copiers, 
and  they  only  read  variables  that  were  updated  by  ordinary  transactions. 
Hence  the  last  reswirk  of  the  previous  Subse.  tion  is  applicable,  and  the 


49- 


serializability  problem  has  been  reduced  to  the  one  already  studied.'  Of 
course,  we  are  not  just  looking  for  serial lzabil ity ,  but  for  the 
existence  of  an  equivalent  serial  history  in  which  an  ujxiate  message 
inwnediately  follows  the  corresponding  transaction.  This,  however,  does 
not  change  the  essence  of  the  task.  All  our  special  case  results  hold 
with  very  minor  modi f icat ion3 . 

What  is  considerably  more  complex  in  the  distributed  context  is 
the  subject  of  schedulers.  There  is  no  obvious  neat  way  to  compile 
syntactic  restrictions  on  the  glolial  history  into  distributed  algorithms 
that  achieve  them.  It  therefore  appears  that  distributed  history 
schedulers  must  concern  themselves  with  the  details  of  the  underlying 
model  of  distributed  computation  in  order  to  implement  the  intended 
ser lalizabll ity  principle;  !tu<  formidable  algorithms  of  iTh]  and  [BSRGl 
illustrate  this  int.  Nevertheless,  it  is  still  natural  to  conjecture 
that  the  more  general  idea-:  related  to  the  classes  DSR  and  f  would 
prove  advantageous  in  the  distributed  environment  as  well. 


-50- 


7.4  Open  Problems 

We  have  proposed  a  formalism  for  the  concurrency  control  problem  for 
databases.  There  are  two  aspects  of  this  formalism  that  may  limit  Its 
applicability,  and  must  therefore  be  modified  in  a  second  attempt.  One 
Is  our  basic  assumption,  manifested  throughout  the  paper,  that  the  syntactic 
description  of  all  transactions  to  occur  In  the  history  Is  known  to  the 
scheduler  a  priori.  It  is  not  clear  how  to  remove  this  assumption,  and 
still  retain  the  wealth  of  available  solutions.  One  way  would  be  to  have, 
following  (BSRG],  a  certain  number  of  prototype  transactions — or  aUigsee  — 
to  one  of  which  any  arriving  transaction  can  be  matched.  Another  way  out 
would  be  to  adopt  only  tmn8iisti-on-  in:  :vn  concurrency  controls.  Two-phase 
locking  (EGLT]  Is  an  example  of  such  a  concurrency  control,  and  so  would 
be  any  other  locking  scheme.  The  limitations  of  such  approaches  are 
studied  In  (HP).  On  the  other  hand.  It  Is  possible  that  variants  of  the 
schedulers  presented  here  could  also  be  implemented  in  a  transaction-driven 
manner . 

Secondly,  our  way  of  evaluating  the  p< rformance  of  schedulers  is  also 
in  need  of  an  Improvement.  We  propose  onl>  s  qualitative  measure  of  the 
performance  of  a  scheduler — namely  the  set  of  sll  output  histories.  This 
leads  to  only  a  partial  order  of  schedulers.  This  was  shewn  to  be  a 
reasonable  and  uaeful  approximat Ion  of  realltv  when  the  goal  Is  to  derive 
Indicative  results  or  compare  general  principles  of  serial  liability.  It  is 
clear,  however,  that  a  more  concrete  measure  of  performance  is  needed  for 
more  practical  applications.  One  promising  direction  would  be  to  somehow 
count  the  total  number  of  delays  Imposed  on  requests — at  a  first  approximat ion, 
the  number  of  transaction  steps  that  cannot  execute  inssediately  upon  arrival. 


-51- 


This  would  be  a  refinement  of  our  measure:  our  measure,  roughly  speaking, 
assigns  a  perfect  score  to  all  histories  that  remain  the  same,  and  zero 
score  to  all  histories  that  are  changed,  however  small  the  change.  A 
more  refined  measure  might  even  put  to  test  some  of  our  assumptions,  like 
the  "optimistic  scheduler"  assumption  (Section  6):  in  certain  cases  it 
may  be  preferable  to  intervene  and  modify  slightly  the  history,  when 
serializable  completion  becomes  extremely  unlikely,  although  not  impossible. 
Naturally,  adopting  a  more  concrete  measure  of  performance  for  schedulers 
will  most  likely  require  the  introduction  of  specific  and  pragmatic  details 
of  the  particular  application,  and  the  overall  approach  may  have  to  be 
probabi list ic. 

By  considering  onlv  serializablll ty  as  our  notion  of  correctness  we 
have  somehow  limited  our  scope.  Kxamples  of  concurrency  control  techniques 
more  general  than  serial lzabil ity  can  be  found  in  (Lai)  and  ( KL ) .  They 
are  arrived  at  bv  assuming  that  the  scheduler  has  more  than  syntactic  in¬ 
formation  about  the  transaction  svstera  that  it  handles — e.g.,  semantic 
Information  or  understanding  of  the  integrity  constraints.  It  is  pointed 
out  in  (KP)  that  ser i a  1 1 zab 1 1 1 ty  is  Just  one  point  in  the  trade-off 
between  information  and  performance  of  schedulers.  However,  we  feel  that 
there  is  something  natural  about  the  use  of  syntactic  information  for  con¬ 
currency  control,  and  the  importance  of  concurrency  techniques  stronger 
than  serlallzabillty  is  of  limited  practical  value. 

Finally,  we  recall  two  other  problems  that  are  left  open  here:  the 
complexity  of  recognizing  the  class  SSR,  and  developing  techniques  for 
designing  distributed  schedulers  from  syntactic  specifications. 


ACKNOWLEDGMENT 


Many  illuminating  discussions  with  Phil  Bernstein  have  Influenced 
this  work.  Also,  we  acknowledge  helpful  discussions  with  H.T.  Kung,  Dan 
Roaenkrantz,  Jim  Rothnle,  and  Jeff  Ullman,  and  careful  reading  of  the 
manuscript  by  Marco  Casanova  and  an  anonymous  referee. 


REFERENCES 


I AHU  J 

[BGRP  J 

1  BPR ) 

[BS] 

[ BSRG  J 

(CD) 

{ EGLT ] 

[GJ1 


A.  V.  Aho,  J.  E.  Hopcroft,  J.  D.  Ullman.  The  Deeiyn  and  Analysis 
of  Conqiuter  Algorithms,  Addison,  1975. 

P.  A.  Bernstein,  N.  Goodman,  J.  B.  Rothnie,  C.  H.  Papadlmltriou. 
’’Analysis  of  Serializability  of  SDD-1:  A  System  of  Distributed 
Databases  (the  Fully  Redundant  Case)",  IEEE  Trans,  on  Software 
Bngrg.,  Vol.  SE-4,  3,  May  1978. 

P.  A.  Bernstein,  C.  H.  Papadimitriou,  J.  B.  Rothnie.  "Resolving 
Certain  Concurrent  Update  Problems  Without  Locking:  An  Abstract", 
Froc.  IEEE  Workshop  ,  n  OS  iind  DBMS,  Chicago,  1977. 

P.  A.  Bernstein,  D.  W.  Shipman.  "A  Formal  Model  of  Concurrency 
Control  Mechanisms  for  Database  Systems",  Proa.  1978  Berkeley 
Workshop  on  Distributed  Databases  ■  xnd  Computer  Networks,  September 
1978,  Berkeley. 

P.  A.  Bernstein,  D.  W.  Shipman,  J.  B.  Rothnie,  N.  Goodman.  "The 
Concurrency  Control  Mechanism  of  SDD-1:  A  System  for  Distributed 
Databases  (the  General  Case)".  TR  CCA-77-09,  Computer  Corp.  of 
America,  Cambridge. 

F.  G.  Coffman,  P.  Denning.  Operating  Systems  Tlieory,  Prentice  Hall, 
1973. 

K.  P.  F.swaran,  J.  N.  Gray,  R.  A.  Lorie,  1.  L.  Traiger.  "The  Notions 
of  Consistency  and  Predicate  Locks  in  a  Database  System",  CACM, 

19,  11,  1976. 

M.  R.  Garey,  D.  S.  Johnson.  Computers  and  Intractability:  A  Guide 
to  the  Theory  of  IfP-Completenese,  Freeman,  1979. 


-53- 


IKa)  R.  M.  Karp.  "Reducibllit lea  Among  Combinatorial  Problems",  in 

Complexity  of  Computer  Computations,  R.  E.  Miller,  J.  W.  Thatcher 
(•da.),  Plenum,  1972. 

(Ki.)  H.  T.  Rung,  P.  L.  Lehman.  "A  Concurrent  Database  Problem:  Binary 

Search  Trees",  P roc.  •Jth  Intern.  Conference  on  Very  large  Uata~ 

bases,  Berlin,  1978. 

(RE)  H.  T.  Rung,  C.  H.  Papadimitriou.  "An  Optimality  Theory  of  Con¬ 

currency  Control  for  Databases",  Manuscript,  Carnegie-Mellon 
University,  1979. 

(Lai}  L.  Lamport.  "Towards  a  Theory  of  Correctness  for  Multi-Lser  Data 
Base  Systems" ,  TR  CA-7610-0712 ,  Mass.  Computer  Associates,  1976. 

[La2]  L.  Lamport.  "Time,  Clocks  and  Ordering  of  Events  in  a  Distributed 
System",  Comp.  Assoc.  TR  CA-760 3-291 1 ,  1976. 

(LPP]  D.  C.  Luckham,  D.  M.  R.  Park,  M.  S.  Paterson.  "On  formalized 
Computer  Programs",  JCSF,  4,  3,  pp.  220-249,  1970. 

( P BR 1  C.  H.  Papadimitriou,  P.  A.  Bernstein,  J.  B.  Rothnle.  "Computational 
Problems  Related  to  Database  Concurrency  Control",  Proo.  Conf .  on 
Theor.  Comp.  Set.,  Unlv.  of  Waterloo,  1977. 

(PS)  C.  H.  Papadimitriou,  R.  Steiglitz.  Combinatorial  Optimisation 
Algorithms ,  in  preparation. 

(RGJ  J.  B.  Rothnie,  N.  Goodman.  "An  Overview  of  the  Preliminary  Design 

of  SDD-1:  A  System  of  Distributed  Databases",  Proc.  1977  Berkeley 
Workshop  on  Distributed  Data  Management  and  Computer  networks, 

Berkeley,  California,  May  1977. 

(SK)  A.  Sllberschatz,  Z.  Kedem.  "Consistency  in  Hierarchical  Database 
Systema",  Manuscript,  U.  of  Texas  at  Dallas,  1978. 


-54- 


(SLRJ  R.  C.  Stearns,  P.  M.  Lewis,  D.  J.  Rosenkrantz.  "Concurrency 

Control  for  Database  Systems",  Proa.  16th  FOCS,  1976,  pp.  19-32. 
(Taj  R.  E.  Tarjan.  "Depth-first  Search  and  Linear  Graph  Algorithms", 
Sum  J.  Computing,  1,  2,  pp.  146-160,  1973. 

[ThJ  R.  H.  Thomas.  "A  Solution  to  the  Update  Problem  for  Multiple 
Copy  Databases  which  Uses  Distributed  Control",  TR  3340,  BBN, 
Cambridge,  1976. 

[Wo]  W.  Wong.  "Analysis  of  Serializable  Logs",  Manuscript,  Harvard 
University,  1978. 


